Trojaner-Board - virtumonde.dll und mehrere Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - virtumonde.dll und mehrere Trojaner - Pc jetzt sicher? (https://www.trojaner-board.de/88484-virtumonde-dll-mehrere-trojaner-pc-sicher.html)

virtumonde.dll und mehrere Trojaner - Pc jetzt sicher?

Habe seit etwa zwei Wochen das Problem, dass beim surfen mit Firefox plötzlich neue Seiten (Werbung) aufpoppen, ich auf google.com/webhp weitergeleitet werde und die google-suche nicht richtig funktioniert. Als Anti-Virus Programm ist AVG installiert, der ständig neue Tracking-Cookies findet, die auch nach löschen wieder auftauchen. Habe mir deshalb Spyboot Search & Destroy heruntergeladen, der heute auch einige Datein gefunden und gelöscht hat, unter anderem virtumonde.dll (ich kann mich leider nicht mehr an alle erinnern). Bei einem weiteren Durchlauf von Spyboot Search & Destroy waren allerdings immer noch einige Trojaner zu finden.

Weil Spyboot Search & Destroy anscheinend nicht bei jedem Durchlauf alles findet, habe daraufhin in eurem Forum einen Beitrag zu virtumonde.dll gefunden, und 2 mal den CCleaner und Combofox durchlaufen lassen. Die beiden Log-Dateien von Combofox waren:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

1) Combofox erster Durchlauf

Combofix Logfile:

Code:

ComboFix 10-07-20.03 - Admin 21.07.2010  14:05:34.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1485 [GMT 4,5:30]

ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Admin\Anwendungsdaten\Coeq\orqif.exe
 

Infizierte Kopie von c:\winxp\system32\drivers\pciide.sys wurde gefunden und desinfiziert 

Kopie von - Kitty had a snack :p wurde wiederhergestellt 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-21 bis 2010-07-21  ))))))))))))))))))))))))))))))

.
 

2010-07-21 07:14 . 2010-07-21 07:14        921440        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgemc.exe

2010-07-21 07:14 . 2010-07-21 07:14        1615200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll

2010-07-21 07:14 . 2010-07-21 07:14        1107296        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgxpl.dll

2010-07-21 07:14 . 2010-07-21 07:14        4368224        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll

2010-07-15 17:07 . 2010-07-15 17:07        242896        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtdix.sys

2010-07-15 17:07 . 2010-07-15 17:07        216200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgldx86.sys

2010-07-15 17:07 . 2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll

2010-07-15 17:07 . 2010-07-15 17:07        813336        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avginet.dll

2010-07-15 17:07 . 2010-07-15 17:07        624920        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgiproxy.exe

2010-07-15 17:07 . 2010-07-15 17:07        1690464        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll

2010-07-15 17:07 . 2010-07-15 17:07        1038688        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe

2010-07-09 12:04 . 2010-07-21 09:13        --------        d-----w-        c:\programme\CCleaner

2010-07-09 01:37 . 2010-07-09 01:37        664        ----a-w-        c:\winxp\system32\d3d9caps.dat

2010-07-09 01:35 . 2010-07-09 01:35        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla

2010-07-09 01:33 . 2010-07-09 01:33        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache

2010-07-09 00:32 . 2010-07-09 00:36        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe

2010-07-09 00:08 . 2010-07-09 00:08        --------        d-----w-        c:\programme\ESET

2010-07-08 22:02 . 2010-07-21 09:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-07-08 22:02 . 2010-07-08 22:02        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2010-06-27 21:14 . 2008-04-13 18:45        60032        -c--a-w-        c:\winxp\system32\dllcache\usbaudio.sys

2010-06-27 21:14 . 2008-04-13 18:45        60032        ----a-w-        c:\winxp\system32\drivers\USBAUDIO.sys

2010-06-27 21:14 . 2008-04-14 02:22        54272        -c--a-w-        c:\winxp\system32\dllcache\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-14 02:22        54272        ----a-w-        c:\winxp\system32\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-13 18:46        121984        -c--a-w-        c:\winxp\system32\dllcache\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:46        121984        ----a-w-        c:\winxp\system32\drivers\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        -c--a-w-        c:\winxp\system32\dllcache\usbccgp.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        ----a-w-        c:\winxp\system32\drivers\usbccgp.sys

2010-06-23 22:39 . 2008-04-14 09:00        221184        ----a-w-        c:\winxp\system32\wmpns.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 09:42 . 2010-03-20 15:58        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox

2010-07-21 09:40 . 2010-03-17 18:48        179408        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

2010-07-21 07:33 . 2010-05-23 17:48        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dyiluk

2010-07-19 17:43 . 2010-03-23 03:04        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-07-17 21:47 . 2010-03-20 15:05        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Skype

2010-07-17 20:58 . 2010-03-20 15:06        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\skypePM

2010-07-15 17:07 . 2010-03-17 18:43        243024        ----a-w-        c:\winxp\system32\drivers\avgtdix.sys

2010-07-15 17:07 . 2010-03-17 18:43        216400        ----a-w-        c:\winxp\system32\drivers\avgldx86.sys

2010-07-09 06:50 . 2010-03-17 18:43        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9

2010-06-11 09:52 . 2010-04-16 22:09        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc

2010-06-07 10:08 . 2010-04-24 23:41        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\dvdcss

2010-06-03 05:01 . 2010-03-17 18:43        29584        ----a-w-        c:\winxp\system32\drivers\avgmfx86.sys

2010-06-01 07:47 . 2010-03-20 20:03        --------        d-----w-        c:\programme\MiKTeX 2.8

2010-05-27 18:28 . 2010-05-27 18:13        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\JustVoip

2010-05-27 18:12 . 2010-05-27 18:12        --------        d-----w-        c:\programme\JustVoip.com

.
 

------- Sigcheck -------
 

[-] 2008-12-10 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrackPointSrv"="tp4mon.exe" [2008-04-14 82944]

"IgfxTray"="c:\winxp\system32\igfxtray.exe" [2009-03-09 134656]

"HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2009-03-09 166912]

"Persistence"="c:\winxp\system32\igfxpers.exe" [2009-03-09 135680]

"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-02 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-22 185688]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-22 124248]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-01-05 513384]

"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 431464]

"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-10 181608]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]
 

c:\dokumente und einstellungen\Admin\Startmen\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2010-3-17 50688]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 12:07        34344        ----a-w-        c:\programme\Lenovo\HOTKEY\notifyf2.dll
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\AVG\\AVG9\\avgemc.exe"=

"c:\\Programme\\AVG\\AVG9\\avgupd.exe"=

"c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programme\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

R0 DozeHDD;DozeHDD;c:\winxp\system32\drivers\DOZEHDD.SYS [17.03.2010 22:59 24304]

R0 TPDIGIMN;TPDIGIMN;c:\winxp\system32\drivers\ApsHM86.sys [09.10.2009 12:10 20520]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winxp\system32\drivers\avgldx86.sys [17.03.2010 23:13 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\winxp\system32\drivers\avgtdix.sys [17.03.2010 23:13 243024]

R1 lenovo.smi;Lenovo System Interface Driver;c:\winxp\system32\drivers\smiif32.sys [12.05.2008 18:04 13480]

R2 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [15.07.2010 21:37 921952]

R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [15.07.2010 21:37 308136]

R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [17.03.2010 22:59 132456]

R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\programme\ShrewSoft\VPN Client\dtpd.exe -service --> c:\programme\ShrewSoft\VPN Client\dtpd.exe -service [?]

R2 iked;ShrewSoft IKE Daemon;c:\programme\ShrewSoft\VPN Client\iked.exe -service --> c:\programme\ShrewSoft\VPN Client\iked.exe -service [?]

R2 ipsecd;ShrewSoft IPSEC Daemon;c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service --> c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service [?]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [17.03.2010 22:59 53248]

R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [17.03.2010 21:50 62320]

R3 pflt;Shrew Soft Miniport Filter;c:\winxp\system32\drivers\vfilter.sys [19.11.2009 04:36 23808]

R3 TVTI2C;Lenovo SM bus driver;c:\winxp\system32\drivers\tvti2c.sys [22.02.2008 15:54 37312]

S2 gupdate1cad394c96e7d84;Google Update Service (gupdate1cad394c96e7d84);c:\programme\Google\Update\GoogleUpdate.exe [04.04.2010 05:48 133104]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [17.03.2010 21:50 45424]

S3 vnet;Shrew Soft Virtual Adapter;c:\winxp\system32\drivers\virtualnet.sys [19.11.2009 04:36 6784]

S4 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [17.03.2010 23:17 717296]

.

Inhalt des "geplante Tasks" Ordners
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-17 20:43]

.

.

------- Zusätzlicher Suchlauf -------

.

IE: Add to Google Photos Screensa&ver - c:\winxp\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: {E3DC25FF-E6F3-4FB5-927D-27F496B19C13} = 134.2.200.1,134.2.200.2

FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\a2qabsvq.default\

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programme\Veetle\Player\npvlc.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLCBroadcast\npvbp.dll
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKCU-Run-Urijubemobel - c:\winxp\qlapiant.dll

Notify-ACNotify - ACNotify.dll
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-07-21 14:12

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1308)

c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
 

- - - - - - - > 'explorer.exe'(2848)

c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

c:\winxp\system32\btmmhook.dll

c:\winxp\system32\webcheck.dll

c:\winxp\system32\wpdshserviceobj.dll

c:\winxp\system32\btncopy.dll

c:\winxp\system32\portabledevicetypes.dll

c:\winxp\system32\portabledeviceapi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\winxp\system32\ibmpmsvc.exe

c:\programme\Intel\WiFi\bin\S24EvMon.exe

c:\programme\AVG\AVG9\avgchsvx.exe

c:\programme\AVG\AVG9\avgrsx.exe

c:\programme\AVG\AVG9\avgcsrvx.exe

c:\winxp\system32\IPSSVC.EXE

c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\programme\ShrewSoft\VPN Client\dtpd.exe

c:\programme\Intel\WiFi\bin\EvtEng.exe

c:\winxp\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\programme\AVG\AVG9\avgnsx.exe

c:\programme\ShrewSoft\VPN Client\iked.exe

c:\programme\ShrewSoft\VPN Client\ipsecd.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe

c:\winxp\system32\TpKmpSVC.exe

c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe

c:\programme\AVG\AVG9\avgcsrvx.exe

c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\winxp\system32\wbem\unsecapp.exe

c:\winxp\system32\wbem\wmiapsrv.exe

c:\winxp\system32\wscntfy.exe

c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\winxp\system32\tp4mon.exe

c:\winxp\system32\igfxsrvc.exe

c:\winxp\system32\TpShocks.exe

c:\winxp\system32\rundll32.exe

c:\programme\Lenovo\HOTKEY\TPONSCR.exe

c:\programme\Lenovo\Zoom\TpScrex.exe

c:\winxp\system32\igfxext.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-07-21  14:15:23 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-07-21 09:45
 

Vor Suchlauf: 10 Verzeichnis(se), 23.086.288.896 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 22.993.764.352 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINXP

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\wubildr.mbr = "Ubuntu"
 

- - End Of File - - FB14DB28D7AE645E32EB8350B9264CCD

--- --- ---
Combofix Logfile:

Code:

ComboFix 10-07-20.03 - Admin 21.07.2010  14:05:34.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1485 [GMT 4,5:30]

ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Admin\Anwendungsdaten\Coeq\orqif.exe
 

Infizierte Kopie von c:\winxp\system32\drivers\pciide.sys wurde gefunden und desinfiziert 

Kopie von - Kitty had a snack :p wurde wiederhergestellt 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-21 bis 2010-07-21  ))))))))))))))))))))))))))))))

.
 

2010-07-21 07:14 . 2010-07-21 07:14        921440        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgemc.exe

2010-07-21 07:14 . 2010-07-21 07:14        1615200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll

2010-07-21 07:14 . 2010-07-21 07:14        1107296        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgxpl.dll

2010-07-21 07:14 . 2010-07-21 07:14        4368224        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll

2010-07-15 17:07 . 2010-07-15 17:07        242896        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtdix.sys

2010-07-15 17:07 . 2010-07-15 17:07        216200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgldx86.sys

2010-07-15 17:07 . 2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll

2010-07-15 17:07 . 2010-07-15 17:07        813336        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avginet.dll

2010-07-15 17:07 . 2010-07-15 17:07        624920        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgiproxy.exe

2010-07-15 17:07 . 2010-07-15 17:07        1690464        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll

2010-07-15 17:07 . 2010-07-15 17:07        1038688        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe

2010-07-09 12:04 . 2010-07-21 09:13        --------        d-----w-        c:\programme\CCleaner

2010-07-09 01:37 . 2010-07-09 01:37        664        ----a-w-        c:\winxp\system32\d3d9caps.dat

2010-07-09 01:35 . 2010-07-09 01:35        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla

2010-07-09 01:33 . 2010-07-09 01:33        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache

2010-07-09 00:32 . 2010-07-09 00:36        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe

2010-07-09 00:08 . 2010-07-09 00:08        --------        d-----w-        c:\programme\ESET

2010-07-08 22:02 . 2010-07-21 09:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-07-08 22:02 . 2010-07-08 22:02        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2010-06-27 21:14 . 2008-04-13 18:45        60032        -c--a-w-        c:\winxp\system32\dllcache\usbaudio.sys

2010-06-27 21:14 . 2008-04-13 18:45        60032        ----a-w-        c:\winxp\system32\drivers\USBAUDIO.sys

2010-06-27 21:14 . 2008-04-14 02:22        54272        -c--a-w-        c:\winxp\system32\dllcache\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-14 02:22        54272        ----a-w-        c:\winxp\system32\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-13 18:46        121984        -c--a-w-        c:\winxp\system32\dllcache\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:46        121984        ----a-w-        c:\winxp\system32\drivers\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        -c--a-w-        c:\winxp\system32\dllcache\usbccgp.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        ----a-w-        c:\winxp\system32\drivers\usbccgp.sys

2010-06-23 22:39 . 2008-04-14 09:00        221184        ----a-w-        c:\winxp\system32\wmpns.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 09:42 . 2010-03-20 15:58        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox

2010-07-21 09:40 . 2010-03-17 18:48        179408        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

2010-07-21 07:33 . 2010-05-23 17:48        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dyiluk

2010-07-19 17:43 . 2010-03-23 03:04        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-07-17 21:47 . 2010-03-20 15:05        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Skype

2010-07-17 20:58 . 2010-03-20 15:06        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\skypePM

2010-07-15 17:07 . 2010-03-17 18:43        243024        ----a-w-        c:\winxp\system32\drivers\avgtdix.sys

2010-07-15 17:07 . 2010-03-17 18:43        216400        ----a-w-        c:\winxp\system32\drivers\avgldx86.sys

2010-07-09 06:50 . 2010-03-17 18:43        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9

2010-06-11 09:52 . 2010-04-16 22:09        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc

2010-06-07 10:08 . 2010-04-24 23:41        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\dvdcss

2010-06-03 05:01 . 2010-03-17 18:43        29584        ----a-w-        c:\winxp\system32\drivers\avgmfx86.sys

2010-06-01 07:47 . 2010-03-20 20:03        --------        d-----w-        c:\programme\MiKTeX 2.8

2010-05-27 18:28 . 2010-05-27 18:13        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\JustVoip

2010-05-27 18:12 . 2010-05-27 18:12        --------        d-----w-        c:\programme\JustVoip.com

.
 

------- Sigcheck -------
 

[-] 2008-12-10 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrackPointSrv"="tp4mon.exe" [2008-04-14 82944]

"IgfxTray"="c:\winxp\system32\igfxtray.exe" [2009-03-09 134656]

"HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2009-03-09 166912]

"Persistence"="c:\winxp\system32\igfxpers.exe" [2009-03-09 135680]

"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-02 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-22 185688]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-22 124248]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-01-05 513384]

"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 431464]

"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-10 181608]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]
 

c:\dokumente und einstellungen\Admin\Startmen\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2010-3-17 50688]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 12:07        34344        ----a-w-        c:\programme\Lenovo\HOTKEY\notifyf2.dll
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\AVG\\AVG9\\avgemc.exe"=

"c:\\Programme\\AVG\\AVG9\\avgupd.exe"=

"c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programme\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

R0 DozeHDD;DozeHDD;c:\winxp\system32\drivers\DOZEHDD.SYS [17.03.2010 22:59 24304]

R0 TPDIGIMN;TPDIGIMN;c:\winxp\system32\drivers\ApsHM86.sys [09.10.2009 12:10 20520]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winxp\system32\drivers\avgldx86.sys [17.03.2010 23:13 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\winxp\system32\drivers\avgtdix.sys [17.03.2010 23:13 243024]

R1 lenovo.smi;Lenovo System Interface Driver;c:\winxp\system32\drivers\smiif32.sys [12.05.2008 18:04 13480]

R2 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [15.07.2010 21:37 921952]

R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [15.07.2010 21:37 308136]

R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [17.03.2010 22:59 132456]

R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\programme\ShrewSoft\VPN Client\dtpd.exe -service --> c:\programme\ShrewSoft\VPN Client\dtpd.exe -service [?]

R2 iked;ShrewSoft IKE Daemon;c:\programme\ShrewSoft\VPN Client\iked.exe -service --> c:\programme\ShrewSoft\VPN Client\iked.exe -service [?]

R2 ipsecd;ShrewSoft IPSEC Daemon;c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service --> c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service [?]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [17.03.2010 22:59 53248]

R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [17.03.2010 21:50 62320]

R3 pflt;Shrew Soft Miniport Filter;c:\winxp\system32\drivers\vfilter.sys [19.11.2009 04:36 23808]

R3 TVTI2C;Lenovo SM bus driver;c:\winxp\system32\drivers\tvti2c.sys [22.02.2008 15:54 37312]

S2 gupdate1cad394c96e7d84;Google Update Service (gupdate1cad394c96e7d84);c:\programme\Google\Update\GoogleUpdate.exe [04.04.2010 05:48 133104]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [17.03.2010 21:50 45424]

S3 vnet;Shrew Soft Virtual Adapter;c:\winxp\system32\drivers\virtualnet.sys [19.11.2009 04:36 6784]

S4 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [17.03.2010 23:17 717296]

.

Inhalt des "geplante Tasks" Ordners
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-17 20:43]

.

.

------- Zusätzlicher Suchlauf -------

.

IE: Add to Google Photos Screensa&ver - c:\winxp\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: {E3DC25FF-E6F3-4FB5-927D-27F496B19C13} = 134.2.200.1,134.2.200.2

FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\a2qabsvq.default\

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programme\Veetle\Player\npvlc.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLCBroadcast\npvbp.dll
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKCU-Run-Urijubemobel - c:\winxp\qlapiant.dll

Notify-ACNotify - ACNotify.dll
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-07-21 14:12

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1308)

c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
 

- - - - - - - > 'explorer.exe'(2848)

c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

c:\winxp\system32\btmmhook.dll

c:\winxp\system32\webcheck.dll

c:\winxp\system32\wpdshserviceobj.dll

c:\winxp\system32\btncopy.dll

c:\winxp\system32\portabledevicetypes.dll

c:\winxp\system32\portabledeviceapi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\winxp\system32\ibmpmsvc.exe

c:\programme\Intel\WiFi\bin\S24EvMon.exe

c:\programme\AVG\AVG9\avgchsvx.exe

c:\programme\AVG\AVG9\avgrsx.exe

c:\programme\AVG\AVG9\avgcsrvx.exe

c:\winxp\system32\IPSSVC.EXE

c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\programme\ShrewSoft\VPN Client\dtpd.exe

c:\programme\Intel\WiFi\bin\EvtEng.exe

c:\winxp\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\programme\AVG\AVG9\avgnsx.exe

c:\programme\ShrewSoft\VPN Client\iked.exe

c:\programme\ShrewSoft\VPN Client\ipsecd.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe

c:\winxp\system32\TpKmpSVC.exe

c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe

c:\programme\AVG\AVG9\avgcsrvx.exe

c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\winxp\system32\wbem\unsecapp.exe

c:\winxp\system32\wbem\wmiapsrv.exe

c:\winxp\system32\wscntfy.exe

c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\winxp\system32\tp4mon.exe

c:\winxp\system32\igfxsrvc.exe

c:\winxp\system32\TpShocks.exe

c:\winxp\system32\rundll32.exe

c:\programme\Lenovo\HOTKEY\TPONSCR.exe

c:\programme\Lenovo\Zoom\TpScrex.exe

c:\winxp\system32\igfxext.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-07-21  14:15:23 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-07-21 09:45
 

Vor Suchlauf: 10 Verzeichnis(se), 23.086.288.896 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 22.993.764.352 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINXP

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\wubildr.mbr = "Ubuntu"
 

- - End Of File - - FB14DB28D7AE645E32EB8350B9264CCD

--- --- ---

2) Combofox zweiter Durchlauf

Combofix Logfile:

Code:

ComboFix 10-07-20.03 - Admin 21.07.2010  14:32:57.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1352 [GMT 4,5:30]

ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.
 

(((((((((((((((((((((((   Dateien erstellt von 2010-06-21 bis 2010-07-21  ))))))))))))))))))))))))))))))

.
 

2010-07-21 07:14 . 2010-07-21 07:14        921440        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgemc.exe

2010-07-21 07:14 . 2010-07-21 07:14        1615200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll

2010-07-21 07:14 . 2010-07-21 07:14        1107296        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgxpl.dll

2010-07-21 07:14 . 2010-07-21 07:14        4368224        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll

2010-07-15 17:07 . 2010-07-15 17:07        242896        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtdix.sys

2010-07-15 17:07 . 2010-07-15 17:07        216200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgldx86.sys

2010-07-15 17:07 . 2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll

2010-07-15 17:07 . 2010-07-15 17:07        813336        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avginet.dll

2010-07-15 17:07 . 2010-07-15 17:07        624920        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgiproxy.exe

2010-07-15 17:07 . 2010-07-15 17:07        1690464        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll

2010-07-15 17:07 . 2010-07-15 17:07        1038688        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe

2010-07-09 12:04 . 2010-07-21 09:48        --------        d-----w-        c:\programme\CCleaner

2010-07-09 01:37 . 2010-07-09 01:37        664        ----a-w-        c:\winxp\system32\d3d9caps.dat

2010-07-09 01:35 . 2010-07-09 01:35        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla

2010-07-09 01:33 . 2010-07-09 01:33        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache

2010-07-09 00:32 . 2010-07-09 00:36        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe

2010-07-09 00:08 . 2010-07-09 00:08        --------        d-----w-        c:\programme\ESET

2010-07-08 22:02 . 2010-07-21 09:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-07-08 22:02 . 2010-07-08 22:02        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2010-06-27 21:14 . 2008-04-13 18:45        60032        -c--a-w-        c:\winxp\system32\dllcache\usbaudio.sys

2010-06-27 21:14 . 2008-04-13 18:45        60032        ----a-w-        c:\winxp\system32\drivers\USBAUDIO.sys

2010-06-27 21:14 . 2008-04-14 02:22        54272        -c--a-w-        c:\winxp\system32\dllcache\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-14 02:22        54272        ----a-w-        c:\winxp\system32\vfwwdm32.dll

2010-06-27 21:14 . 2008-04-13 18:46        121984        -c--a-w-        c:\winxp\system32\dllcache\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:46        121984        ----a-w-        c:\winxp\system32\drivers\usbvideo.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        -c--a-w-        c:\winxp\system32\dllcache\usbccgp.sys

2010-06-27 21:14 . 2008-04-13 18:45        32128        ----a-w-        c:\winxp\system32\drivers\usbccgp.sys

2010-06-23 22:39 . 2008-04-14 09:00        221184        ----a-w-        c:\winxp\system32\wmpns.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-21 09:42 . 2010-03-20 15:58        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox

2010-07-21 09:40 . 2010-03-17 18:48        179408        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

2010-07-21 07:33 . 2010-05-23 17:48        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dyiluk

2010-07-19 17:43 . 2010-03-23 03:04        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-07-17 21:47 . 2010-03-20 15:05        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Skype

2010-07-17 20:58 . 2010-03-20 15:06        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\skypePM

2010-07-15 17:07 . 2010-03-17 18:43        243024        ----a-w-        c:\winxp\system32\drivers\avgtdix.sys

2010-07-15 17:07 . 2010-03-17 18:43        216400        ----a-w-        c:\winxp\system32\drivers\avgldx86.sys

2010-07-09 06:50 . 2010-03-17 18:43        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9

2010-06-11 09:52 . 2010-04-16 22:09        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc

2010-06-07 10:08 . 2010-04-24 23:41        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\dvdcss

2010-06-03 05:01 . 2010-03-17 18:43        29584        ----a-w-        c:\winxp\system32\drivers\avgmfx86.sys

2010-06-01 07:47 . 2010-03-20 20:03        --------        d-----w-        c:\programme\MiKTeX 2.8

2010-05-27 18:28 . 2010-05-27 18:13        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\JustVoip

2010-05-27 18:12 . 2010-05-27 18:12        --------        d-----w-        c:\programme\JustVoip.com

.
 

------- Sigcheck -------
 

[-] 2008-12-10 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19        94208        ----a-w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrackPointSrv"="tp4mon.exe" [2008-04-14 82944]

"IgfxTray"="c:\winxp\system32\igfxtray.exe" [2009-03-09 134656]

"HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2009-03-09 166912]

"Persistence"="c:\winxp\system32\igfxpers.exe" [2009-03-09 135680]

"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-02 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-22 185688]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-22 124248]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-01-05 513384]

"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 431464]

"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-10 181608]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]
 

c:\dokumente und einstellungen\Admin\Startmen\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2010-3-17 50688]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:07        12536        ----a-w-        c:\winxp\system32\avgrsstx.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 12:07        34344        ----a-w-        c:\programme\Lenovo\HOTKEY\notifyf2.dll
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\AVG\\AVG9\\avgemc.exe"=

"c:\\Programme\\AVG\\AVG9\\avgupd.exe"=

"c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programme\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

R0 DozeHDD;DozeHDD;c:\winxp\system32\drivers\DOZEHDD.SYS [17.03.2010 22:59 24304]

R0 TPDIGIMN;TPDIGIMN;c:\winxp\system32\drivers\ApsHM86.sys [09.10.2009 12:10 20520]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winxp\system32\drivers\avgldx86.sys [17.03.2010 23:13 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\winxp\system32\drivers\avgtdix.sys [17.03.2010 23:13 243024]

R1 lenovo.smi;Lenovo System Interface Driver;c:\winxp\system32\drivers\smiif32.sys [12.05.2008 18:04 13480]

R2 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [15.07.2010 21:37 921952]

R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [15.07.2010 21:37 308136]

R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [17.03.2010 22:59 132456]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [17.03.2010 22:59 53248]

R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [17.03.2010 21:50 62320]

R3 pflt;Shrew Soft Miniport Filter;c:\winxp\system32\drivers\vfilter.sys [19.11.2009 04:36 23808]

R3 TVTI2C;Lenovo SM bus driver;c:\winxp\system32\drivers\tvti2c.sys [22.02.2008 15:54 37312]

S0 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [17.03.2010 23:17 717296]

S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\programme\ShrewSoft\VPN Client\dtpd.exe -service --> c:\programme\ShrewSoft\VPN Client\dtpd.exe -service [?]

S2 gupdate1cad394c96e7d84;Google Update Service (gupdate1cad394c96e7d84);c:\programme\Google\Update\GoogleUpdate.exe [04.04.2010 05:48 133104]

S2 iked;ShrewSoft IKE Daemon;c:\programme\ShrewSoft\VPN Client\iked.exe -service --> c:\programme\ShrewSoft\VPN Client\iked.exe -service [?]

S2 ipsecd;ShrewSoft IPSEC Daemon;c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service --> c:\programme\ShrewSoft\VPN Client\ipsecd.exe -service [?]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [17.03.2010 21:50 45424]

S3 vnet;Shrew Soft Virtual Adapter;c:\winxp\system32\drivers\virtualnet.sys [19.11.2009 04:36 6784]

.

Inhalt des "geplante Tasks" Ordners
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-04 01:18]
 

2010-07-21 c:\winxp\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-17 20:43]

.

.

------- Zusätzlicher Suchlauf -------

.

IE: Add to Google Photos Screensa&ver - c:\winxp\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: {E3DC25FF-E6F3-4FB5-927D-27F496B19C13} = 134.2.200.1,134.2.200.2

FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\a2qabsvq.default\

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programme\Veetle\Player\npvlc.dll

FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programme\Veetle\VLCBroadcast\npvbp.dll
 

---- FIREFOX Richtlinien ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.
 

**************************************************************************

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 
 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1308)

c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
 

- - - - - - - > 'explorer.exe'(5192)

c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

c:\winxp\system32\btmmhook.dll

c:\winxp\system32\webcheck.dll

c:\winxp\system32\wpdshserviceobj.dll

c:\winxp\system32\portabledevicetypes.dll

c:\winxp\system32\portabledeviceapi.dll

.

Zeit der Fertigstellung: 2010-07-21  14:36:53

ComboFix-quarantined-files.txt  2010-07-21 10:06

ComboFix2.txt  2010-07-21 09:45
 

Vor Suchlauf: 13 Verzeichnis(se), 22.997.696.512 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 22.988.816.384 Bytes frei
 

- - End Of File - - 709E3DA2193B7DB044ED65EBF134A140

--- --- ---

********************************************************

Daraufhin habe ich mit Malwarebyte's Anti-Malware eine komplette Suche durchgeführt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.07.2010 15:24:39
mbam-log-2010-07-21 (15-24-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 204562
Laufzeit: 31 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

*******************************************************

Der Hijackthis-Log sieht bei mir wie folgt aus:

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:25:41, on 21.07.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\ibmpmsvc.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Programme\Intel\WiFi\bin\S24EvMon.exe

C:\Programme\AVG\AVG9\avgchsvx.exe

C:\Programme\AVG\AVG9\avgrsx.exe

C:\Programme\AVG\AVG9\avgcsrvx.exe

C:\WINXP\system32\spoolsv.exe

C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe

C:\WINXP\system32\IPSSVC.EXE

C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Programme\AVG\AVG9\avgwdsvc.exe

C:\Programme\ThinkPad\Utilities\DOZESVC.EXE

C:\Programme\Intel\WiFi\bin\EvtEng.exe

C:\Programme\AVG\AVG9\avgnsx.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe

C:\WINXP\system32\svchost.exe

C:\Programme\AVG\AVG9\avgemc.exe

C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe

C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Programme\AVG\AVG9\avgcsrvx.exe

C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\WINXP\system32\wbem\wmiapsrv.exe

C:\WINXP\system32\wscntfy.exe

C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINXP\system32\tp4mon.exe

C:\WINXP\system32\igfxtray.exe

C:\WINXP\system32\hkcmd.exe

C:\WINXP\system32\igfxpers.exe

C:\Programme\Lenovo\Client Security Solution\cssauth.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe

C:\WINXP\system32\igfxsrvc.exe

C:\Programme\Lenovo\AwayTask\AwaySch.EXE

C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINXP\system32\TpShocks.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

C:\WINXP\system32\rundll32.exe

C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Programme\Lenovo\HOTKEY\TPONSCR.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Programme\Lenovo\Zoom\TpScrex.exe

C:\Programme\DivX\DivX Update\DivXUpdate.exe

C:\WINXP\system32\igfxext.exe

C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe

C:\Programme\Digital Line Detect\DLG.exe

C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe

C:\WINXP\system32\notepad.exe

C:\WINXP\explorer.exe

C:\WINXP\system32\notepad.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\WINXP\system32\NOTEPAD.EXE

C:\Programme\Mozilla Firefox\plugin-container.exe

C:\WINXP\system32\NOTEPAD.EXE

C:\WINXP\system32\NOTEPAD.EXE

D:\Eigene Dateien\Downloads\HiJackThis204.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe

O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINXP\is-8ADDU.exe" /REG

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINXP\system32\GPhotos.scr/200

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268847754661

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3DC25FF-E6F3-4FB5-927D-27F496B19C13}: Domain = uni-tuebingen.de

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3DC25FF-E6F3-4FB5-927D-27F496B19C13}: NameServer = 134.2.200.1,134.2.200.2

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE

O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Programme\ShrewSoft\VPN Client\dtpd.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate1cad394c96e7d84) (gupdate1cad394c96e7d84) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINXP\system32\ibmpmsvc.exe

O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Programme\ShrewSoft\VPN Client\iked.exe

O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe

O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINXP\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINXP\System32\TPHDEXLG.exe

O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINXP\system32\TpKmpSVC.exe
 

--

End of file - 12329 bytes

--- --- ---

****************************************************

Mir bleiben folgende Zweifel:

1) Ist mein Computer jetzt sicher?

2) Ich habe meine Emailaccounts bei gmx.de und googlemail benutzt, allerdings ohne die Passwörter zu speichern. Könnten die geklaut worden sein und muss ich sie ändern?

3) Ich habe für Bewerbungen meine Kompletten Daten in unterschiedlichen Online-Bewerbungsplattformen eingetragen. Sind diese eventuell geklaut worden?

Ganz vielen Dank für eure Hilfe!!

Zitat:

Datenbank Version: 4052

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Zitat:

1) Ist mein Computer jetzt sicher?

Nein, ganz sicher entfernt werden Schdälinge nur durch format c: und Neuinstallation des OS

Zitat:

2) Ich habe meine Emailaccounts bei gmx.de und googlemail benutzt, allerdings ohne die Passwörter zu speichern. Könnten die geklaut worden sein und muss ich sie ändern?

Das Risiko besteht immer, von daher wär es nicht verkehrt sämtliche Passwörter von einem sauberes System aus zu ändern.

Zitat:

3) Ich habe für Bewerbungen meine Kompletten Daten in unterschiedlichen Online-Bewerbungsplattformen eingetragen. Sind diese eventuell geklaut worden?

Was hat das genau mit der Infektion zu tun? :confused:

Hi Arne,

super, vielen Dank für deinen Hinweis! Das mit der Aktualisierung hätte ich sonst nicht gemerkt. Hier die aktuelle Log file von Malwarebytes:

*******************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.07.2010 13:12:59
mbam-log-2010-07-23 (13-12-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 218073
Laufzeit: 40 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

*************************************************

Scheint ja ok zu sein, aber Spybot Search & Destroy gibt immer folgende Meldung, die auch nach erfolgreichem löschen beim nächsten Scan sofort kommt:

1 Eintrag:

Virtumonde.prx Art: TrojanC-02

und darunter

(SBI $B6BF2145) Autorun Einstellungen (Urijubemobel)

HKEY_USERS\S-1-5-21-1801674531-1592454029-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\Urijubemobel

Art: Registrierungsdatenbank-Wert

Wenn ich die Registrierungsdatenbank öffne, erhalte ich folgende Angaben:

Name:Urijubemobel, Typ: REG_SZ, Wert: rundll32.exe "C:\WINXP\qlapiant.dll", Startup

Das Modul qlapiant.dll habe ich vor einiger Zeit mit AVG enfernen lassen, weil es angeblich infiziert war, seitdem beschwert sich Windows, wenn der Desktop geladen wird, dass qlapiant fehlen würde. Eigentlich stört mich das nicht, bin nur sehr besorgt wegen der Viren, vielleicht hängt das ja alles zusammen, aber ich kenne mich nicht genug aus.

Vielen Dank und viele Grüße,

reinhard

ps.:Meine Frage 3) war eigentlich ähnlich gemeint wie Frage 2), ich wollte im Grunde genommen nur wissen, ob es (allgemein) möglich ist, dass jemand während der Infektionszeit Daten von mir abgelesen hat (ich kenne mich nämlich mit Viren und was diese genau machen nicht gut aus). Die Antwort ist wohl leider ja =(

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hi Arne, habe OTL heruntergeladen und laufen lassen. Hier die Logfiles:

1) Extras.txt

OTL Logfile:

Code:

OTL Extras logfile created on: 24.07.2010 15:10:28 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme

Drive C: | 40,00 Gb Total Space | 20,99 Gb Free Space | 52,46% Space Free | Partition Type: NTFS

Drive D: | 65,08 Gb Total Space | 3,51 Gb Free Space | 5,40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BIE

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

"C:\Programme\JustVoip.com\JustVoip\JustVoip.exe" = C:\Programme\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip -- (JustVoip)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test

"{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Intel(R) PROSet/Wireless WiFi-Software

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor

"{702e274a-505b-4946-9228-e450349689c2}" = Nero 9

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"AwayTask" = Maintenance Manager

"CCleaner" = CCleaner

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP

"DivX Setup.divx.com" = DivX-Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"JustVoip_is1" = JustVoip

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.0 Full

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)

"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)

"OnScreenDisplay" = Anzeige am Bildschirm

"pdfsam" = pdfsam

"Picasa 3" = Picasa 3

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"Shrew Soft VPN Client" = Shrew Soft VPN Client

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"Veetle TV" = Veetle TV 0.9.17

"VLC media player" = VLC media player 1.0.5

"WinEdt 6_is1" = WinEdt 6

"WinRAR archiver" = WinRAR

"Wubi" = Ubuntu

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.07.2010 17:32:15 | Computer Name = BIE | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung SZServer.exe, Version 5.0.69.0, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 22.07.2010 03:35:07 | Computer Name = BIE | Source = Google Update | ID = 20

Description = 

 

Error - 22.07.2010 09:04:31 | Computer Name = BIE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.07.2010 09:06:11 | Computer Name = BIE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.07.2010 09:07:01 | Computer Name = BIE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.07.2010 09:10:16 | Computer Name = BIE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung wordpad.exe, Version 5.1.2600.5584, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 22.07.2010 09:35:05 | Computer Name = BIE | Source = Google Update | ID = 20

Description = 

 

Error - 22.07.2010 10:35:05 | Computer Name = BIE | Source = Google Update | ID = 20

Description = 

 

Error - 22.07.2010 11:35:05 | Computer Name = BIE | Source = Google Update | ID = 20

Description = 

 

Error - 23.07.2010 09:03:32 | Computer Name = BIE | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ OSession Events ]

Error - 14.05.2010 06:48:13 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 90

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 14.05.2010 06:49:32 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 14.05.2010 07:21:43 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 15.05.2010 09:29:58 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5954

 seconds with 1860 seconds of active time.  This session ended with a crash.

 

Error - 15.05.2010 10:03:16 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 896

 seconds with 780 seconds of active time.  This session ended with a crash.

 

Error - 16.05.2010 15:03:05 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 27.05.2010 08:44:41 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 503

 seconds with 420 seconds of active time.  This session ended with a crash.

 

Error - 27.05.2010 09:11:04 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 339

 seconds with 300 seconds of active time.  This session ended with a crash.

 

Error - 19.07.2010 13:51:00 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 19.07.2010 13:51:10 | Computer Name = BIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 22.07.2010 06:17:42 | Computer Name = BIE | Source = DCOM | ID = 10010

Description = Der Server "{E60687F7-01A1-40AA-86AC-DB1CBF673334}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 22.07.2010 13:02:28 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 22.07.2010 21:55:43 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 23.07.2010 02:39:31 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 23.07.2010 02:40:00 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 23.07.2010 13:01:34 | Computer Name = BIE | Source = ialm | ID = 262252

Description = Treiber igxprd32 für display-Gerät \Device\Video0 befindet sich in

 einer unendlichen  Schleife. Wahrscheinlich funktioniert das Gerät fehlerhaft, oder

 die  Hardware wurde vom Gerätetreiber nicht ordnungsgemäß programmiert.  Wenden Sie

 sich an den Hardwarehersteller, um Treiberupdates zu beziehen.

 

Error - 23.07.2010 14:04:59 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 23.07.2010 14:13:41 | Computer Name = BIE | Source = System Error | ID = 1003

Description = Fehlercode 000000ea, 1. Parameter 87f11020, 2. Parameter 89ae3768,

 3. Parameter 89c3c330, 4. Parameter 00000001.

 

Error - 23.07.2010 22:32:12 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 24.07.2010 06:18:18 | Computer Name = BIE | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:

   %%126

 

 

< End of report >

--- --- ---

******************************************************

2)OTL.txt

OTL Logfile:

Code:

OTL logfile created on: 24.07.2010 15:10:28 - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Admin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme

Drive C: | 40,00 Gb Total Space | 20,99 Gb Free Space | 52,46% Space Free | Partition Type: NTFS

Drive D: | 65,08 Gb Total Space | 3,51 Gb Free Space | 5,40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BIE

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()

PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\WINXP\system32\TpShocks.exe (Lenovo.)

PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\WINXP\system32\ibmpmsvc.exe (Lenovo.)

PRC - C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()

PRC - C:\Programme\ShrewSoft\VPN Client\iked.exe ()

PRC - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()

PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)

PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\WINXP\system32\igfxext.exe (Intel Corporation)

PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

PRC - C:\WINXP\explorer.exe (Microsoft Corporation)

PRC - C:\WINXP\system32\tp4mon.exe (IBM Corporation)

PRC - C:\WINXP\system32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\WINXP\system32\TpKmpSvc.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINXP\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\WINXP\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found

SRV - (HidServ) -- C:\WINXP\System32\hidserv.dll File not found

SRV - (avg9emc) -- C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (IBMPMSVC) -- C:\WINXP\system32\ibmpmsvc.exe (Lenovo.)

SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()

SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()

SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()

SRV - (TPHDEXLGSVC) -- C:\WINXP\system32\TPHDEXLG.exe (Lenovo.)

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (IPSSVC) -- C:\WINXP\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TpKmpSVC) -- C:\WINXP\system32\TpKmpSvc.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINXP\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINXP\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINXP\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (sptd) -- C:\WINXP\System32\Drivers\sptd.sys ()

DRV - (psadd) -- C:\WINXP\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (DozeHDD) -- C:\WINXP\System32\DRIVERS\DozeHDD.sys (Lenovo.)

DRV - (TPPWRIF) -- C:\WINXP\system32\drivers\TPPWRIF.SYS ()

DRV - (pflt) -- C:\WINXP\system32\drivers\vfilter.sys (Shrew Soft Inc)

DRV - (vnet) -- C:\WINXP\system32\drivers\virtualnet.sys (Shrew Soft Inc)

DRV - (IBMPMDRV) -- C:\WINXP\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (IBMTPCHK) -- C:\WINXP\system32\drivers\IBMBLDID.sys ()

DRV - (ANC) -- C:\WINXP\system32\drivers\ANC.sys (IBM Corp.)

DRV - (Shockprf) -- C:\WINXP\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINXP\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (NETw5x32) Intel(R) -- C:\WINXP\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINXP\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINXP\system32\drivers\TSMAPIP.SYS ()

DRV - (BTKRNL) -- C:\WINXP\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINXP\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (ialm) -- C:\WINXP\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (TPHKDRV) -- C:\WINXP\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)

DRV - (lenovo.smi) -- C:\WINXP\system32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (HDAudBus) -- C:\WINXP\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINXP\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (TVTI2C) -- C:\WINXP\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (b57w2k) -- C:\WINXP\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (HdAudAddService) -- C:\WINXP\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)

DRV - (HSF_DPV) -- C:\WINXP\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINXP\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINXP\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (PROCDD) -- C:\WINXP\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (atmeltpm) -- C:\WINXP\system32\drivers\atmeltpm.sys (Atmel, Inc.)

DRV - (TwoTrack) -- C:\WINXP\system32\drivers\TwoTrack.sys (IBM Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 63 EC 27 0C 2A CB 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 03:41:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 21:51:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.27 17:35:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.07.09 11:39:28 | 000,000,000 | ---D | M]

 

[2010.03.23 07:35:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions

[2010.03.23 07:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.07.24 15:00:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\a2qabsvq.default\extensions

[2010.07.11 03:26:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\a2qabsvq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.07.24 15:00:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.07.21 21:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.07.21 21:51:38 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.01.16 05:45:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 05:45:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.16 05:45:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.16 05:45:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.16 05:45:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.07.21 14:11:51 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TpShocks] C:\WINXP\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TrackPointSrv] C:\WINXP\System32\tp4mon.exe (IBM Corporation)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [Urijubemobel] C:\WINXP\qlapiant.DLL File not found

O4 - Startup: C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268847754661 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINXP\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINXP\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.03.17 21:07:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell - "" = AutoRun

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell\Auto\command - "" = serivces.exe

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.24 15:06:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2010.07.22 12:12:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien

[2010.07.22 12:12:25 | 000,000,000 | ---D | C] -- D:\Access Connections

[2010.07.22 03:07:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys

[2010.07.22 03:07:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys

[2010.07.22 03:07:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.07.22 02:27:09 | 000,000,000 | R--D | C] -- D:\Eigene Musik

[2010.07.22 02:27:09 | 000,000,000 | R--D | C] -- D:\Eigene Bilder

[2010.07.22 02:27:09 | 000,000,000 | ---D | C] -- D:\Simply Super Software

[2010.07.22 02:27:09 | 000,000,000 | ---D | C] -- D:\Shrew Soft VPN

[2010.07.22 02:27:09 | 000,000,000 | ---D | C] -- D:\Downloads

[2010.07.22 02:10:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.07.22 01:52:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard

[2010.07.22 01:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\iS3

[2010.07.22 01:51:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!

[2010.07.22 01:04:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2010.07.22 00:51:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ztvcabinet.dll

[2010.07.22 00:51:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software

[2010.07.22 00:37:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\remove-vundo-virtumonde-Dateien

[2010.07.22 00:34:29 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup.exe

[2010.07.21 21:52:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

[2010.07.21 21:52:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2010.07.21 21:51:50 | 000,423,656 | ---- | C] (Oracle) -- C:\WINXP\System32\deployJava1.dll

[2010.07.21 21:51:50 | 000,153,376 | ---- | C] (Oracle) -- C:\WINXP\System32\javaws.exe

[2010.07.21 21:51:50 | 000,145,184 | ---- | C] (Oracle) -- C:\WINXP\System32\javaw.exe

[2010.07.21 21:51:50 | 000,145,184 | ---- | C] (Oracle) -- C:\WINXP\System32\java.exe

[2010.07.21 21:51:50 | 000,073,728 | ---- | C] (Oracle) -- C:\WINXP\System32\javacpl.cpl

[2010.07.21 21:51:33 | 000,000,000 | ---D | C] -- C:\Programme\Java

[2010.07.21 20:23:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.07.21 18:51:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\index-Dateien

[2010.07.21 17:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\topic330703-Dateien

[2010.07.21 14:49:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes

[2010.07.21 14:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.07.21 14:26:55 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010.07.21 14:19:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent

[2010.07.21 14:01:00 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.07.21 13:56:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe

[2010.07.21 13:56:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe

[2010.07.21 13:56:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe

[2010.07.21 13:56:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe

[2010.07.21 13:55:49 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT

[2010.07.21 13:47:57 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.07.21 13:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\51943-virtumonde-dll-Dateien

[2010.07.21 13:44:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\vundofixx-Dateien

[2010.07.18 01:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\m

[2010.07.15 21:37:45 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINXP\System32\avgrsstx.dll

[2010.07.15 02:20:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Delo

[2010.07.12 12:21:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\greenjobs

[2010.07.09 16:34:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.07.09 11:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia

[2010.07.09 05:02:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe

[2010.07.09 05:02:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun

[2010.07.09 04:38:30 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2010.07.09 02:32:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy

[2010.07.09 02:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

[2010.07.08 18:38:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe

[2010.07.06 18:45:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\reweb2.ReWEB-Dateien

[2010.06.29 01:04:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Bewerbungsmappe

[2010.06.28 01:45:18 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mstee.sys

[2010.06.28 01:45:14 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ndisip.sys

[2010.06.28 01:45:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ipsink.ax

[2010.06.28 01:45:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ipsink.ax

[2010.06.28 01:45:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\streamip.sys

[2010.06.28 01:45:09 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\slip.sys

[2010.06.28 01:45:07 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wstcodec.sys

[2010.06.28 01:45:04 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\nabtsfec.sys

[2010.06.28 01:45:02 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ccdecode.sys

[2010.06.28 01:44:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\drivers\USBAUDIO.sys

[2010.06.28 01:44:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\usbaudio.sys

[2010.06.28 01:44:47 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\usbvideo.sys

[2010.06.28 01:44:47 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\kswdmcap.ax

[2010.06.28 01:44:47 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\kswdmcap.ax

[2010.06.28 01:44:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\kstvtune.ax

[2010.06.28 01:44:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\kstvtune.ax

[2010.06.28 01:44:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\vfwwdm32.dll

[2010.06.28 01:44:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\vfwwdm32.dll

[2010.06.28 01:44:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ksxbar.ax

[2010.06.28 01:44:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ksxbar.ax

[2010.06.28 01:44:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\vidcap.ax

[2010.06.28 01:44:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\vidcap.ax

[2010.06.28 01:44:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dshowext.ax

[2010.06.28 01:44:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\dshowext.ax

[2010.06.28 01:44:42 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\usbccgp.sys

[7 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.07.24 15:05:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe

[2010.07.24 15:05:01 | 000,001,088 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job

[2010.07.24 14:54:07 | 062,436,221 | ---- | M] () -- C:\WINXP\System32\drivers\Avg\incavi.avm

[2010.07.24 14:50:26 | 000,000,300 | ---- | M] () -- C:\WINXP\tasks\PMTask.job

[2010.07.24 14:48:25 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl

[2010.07.24 14:48:23 | 000,001,084 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job

[2010.07.24 14:48:19 | 000,025,169 | ---- | M] () -- C:\WINXP\System32\PROCDB.INI

[2010.07.24 14:48:11 | 000,000,380 | ---- | M] () -- C:\WINXP\System32\IPSCtrl.INI

[2010.07.24 14:47:59 | 000,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT

[2010.07.24 14:47:57 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat

[2010.07.24 14:47:55 | 2137,436,160 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.24 07:33:38 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT

[2010.07.24 07:33:38 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini

[2010.07.24 07:33:31 | 004,312,686 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.07.24 01:13:55 | 000,000,200 | ---- | M] () -- C:\WINXP\vwr.INI

[2010.07.23 16:04:31 | 004,563,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\folien_markov_switching.pdf

[2010.07.23 15:17:50 | 000,291,835 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\art3.pdf

[2010.07.23 13:26:00 | 000,060,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot_screenshot.JPG

[2010.07.22 03:37:33 | 000,023,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy scan report.pdf

[2010.07.22 03:07:38 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.22 02:37:34 | 065,890,018 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\reg.reg

[2010.07.22 01:55:30 | 000,016,384 | -H-- | M] () -- D:\SZKGFS.dat

[2010.07.22 01:55:30 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat

[2010.07.22 01:46:46 | 078,708,793 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Bewerbungen.rar

[2010.07.22 00:37:04 | 000,043,172 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\remove-vundo-virtumonde.htm

[2010.07.21 21:51:38 | 000,423,656 | ---- | M] (Oracle) -- C:\WINXP\System32\deployJava1.dll

[2010.07.21 21:51:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINXP\System32\javaws.exe

[2010.07.21 21:51:38 | 000,145,184 | ---- | M] (Oracle) -- C:\WINXP\System32\javaw.exe

[2010.07.21 21:51:38 | 000,145,184 | ---- | M] (Oracle) -- C:\WINXP\System32\java.exe

[2010.07.21 21:51:38 | 000,073,728 | ---- | M] (Oracle) -- C:\WINXP\System32\javacpl.cpl

[2010.07.21 18:51:06 | 000,095,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\index.htm

[2010.07.21 17:48:32 | 000,141,049 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\topic330703.html

[2010.07.21 14:49:11 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup.exe

[2010.07.21 14:36:03 | 000,000,227 | ---- | M] () -- C:\WINXP\system.ini

[2010.07.21 14:11:51 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts

[2010.07.21 14:01:08 | 000,000,304 | RHS- | M] () -- C:\boot.ini

[2010.07.21 13:46:13 | 003,739,613 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe

[2010.07.21 13:44:24 | 000,017,393 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\vundofixx.html

[2010.07.21 13:44:06 | 000,057,623 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\51943-virtumonde-dll.html

[2010.07.21 03:44:58 | 000,011,773 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Lia.docx

[2010.07.19 14:24:11 | 000,036,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Kopie von 28-Kw-10 Berufsanfänger u. Praktikanten.xls

[2010.07.18 16:31:24 | 000,098,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\kreditrisiko.pdf

[2010.07.18 01:28:11 | 000,002,237 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2010.07.17 16:01:53 | 000,054,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\photo.JPG

[2010.07.17 15:58:37 | 000,126,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bfoto.JPG

[2010.07.15 21:37:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINXP\System32\drivers\avgtdix.sys

[2010.07.15 21:37:45 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINXP\System32\avgrsstx.dll

[2010.07.15 21:37:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINXP\System32\drivers\avgldx86.sys

[2010.07.09 11:39:28 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2010.07.09 06:07:45 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat

[2010.07.09 02:32:53 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk

[2010.07.06 18:45:52 | 000,028,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\reweb2.ReWEB.htm

[2010.07.05 21:28:07 | 000,134,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\jobsearch.ftl

[2010.07.05 18:57:44 | 000,011,089 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\anschreiben.docx

[2010.06.28 22:20:33 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.28 02:29:42 | 000,010,185 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\003902205721333.docx

[2010.06.28 01:57:52 | 001,263,523 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\dog.docx

[7 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.23 16:04:31 | 004,563,109 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\folien_markov_switching.pdf

[2010.07.23 15:17:50 | 000,291,835 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\art3.pdf

[2010.07.23 13:26:00 | 000,060,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot_screenshot.JPG

[2010.07.22 03:37:32 | 000,023,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy scan report.pdf

[2010.07.22 03:07:38 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.22 02:37:29 | 065,890,018 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\reg.reg

[2010.07.22 01:55:30 | 000,016,384 | -H-- | C] () -- D:\SZKGFS.dat

[2010.07.22 01:55:30 | 000,016,384 | -H-- | C] () -- C:\SZKGFS.dat

[2010.07.22 01:45:40 | 078,708,793 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Bewerbungen.rar

[2010.07.22 00:51:19 | 000,162,304 | ---- | C] () -- C:\WINXP\System32\ztvunrar36.dll

[2010.07.22 00:51:19 | 000,153,088 | ---- | C] () -- C:\WINXP\System32\UNRAR3.dll

[2010.07.22 00:51:19 | 000,075,264 | ---- | C] () -- C:\WINXP\System32\unacev2.dll

[2010.07.22 00:37:03 | 000,043,172 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\remove-vundo-virtumonde.htm

[2010.07.21 21:49:12 | 2137,436,160 | -HS- | C] () -- C:\hiberfil.sys

[2010.07.21 18:51:04 | 000,095,933 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\index.htm

[2010.07.21 17:48:29 | 000,141,049 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\topic330703.html

[2010.07.21 14:01:08 | 000,000,234 | ---- | C] () -- C:\Boot.bak

[2010.07.21 14:01:03 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.07.21 13:56:27 | 000,256,512 | ---- | C] () -- C:\WINXP\PEV.exe

[2010.07.21 13:56:27 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe

[2010.07.21 13:56:27 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe

[2010.07.21 13:56:27 | 000,077,312 | ---- | C] () -- C:\WINXP\MBR.exe

[2010.07.21 13:56:27 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe

[2010.07.21 13:45:49 | 003,739,613 | R--- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe

[2010.07.21 13:44:24 | 000,017,393 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\vundofixx.html

[2010.07.21 13:44:05 | 000,057,623 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\51943-virtumonde-dll.html

[2010.07.21 12:00:46 | 000,011,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\hs_err_pid5316.log

[2010.07.20 19:54:57 | 000,011,773 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Lia.docx

[2010.07.19 14:24:10 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Kopie von 28-Kw-10 Berufsanfänger u. Praktikanten.xls

[2010.07.18 16:31:24 | 000,098,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\kreditrisiko.pdf

[2010.07.17 15:59:42 | 000,054,474 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\photo.JPG

[2010.07.17 15:58:37 | 000,126,171 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bfoto.JPG

[2010.07.09 11:39:28 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2010.07.09 06:07:45 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat

[2010.07.09 02:32:53 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk

[2010.07.06 18:45:52 | 000,028,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\reweb2.ReWEB.htm

[2010.07.05 21:28:06 | 000,134,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\jobsearch.ftl

[2010.06.28 01:45:47 | 001,263,523 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\dog.docx

[2010.05.29 16:16:20 | 000,000,200 | ---- | C] () -- C:\WINXP\vwr.INI

[2010.03.20 19:58:07 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll

[2010.03.17 23:17:55 | 000,717,296 | ---- | C] () -- C:\WINXP\System32\drivers\sptd.sys

[2010.03.17 23:17:05 | 000,164,352 | ---- | C] () -- C:\WINXP\System32\unrar.dll

[2010.03.17 23:17:02 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll

[2010.03.17 23:17:02 | 001,559,040 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll

[2010.03.17 23:17:02 | 000,282,624 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll

[2010.03.17 23:17:01 | 000,007,680 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll

[2010.03.17 23:17:01 | 000,000,547 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll.manifest

[2010.03.17 23:00:24 | 000,004,224 | ---- | C] () -- C:\WINXP\System32\drivers\IBMBLDID.sys

[2010.03.17 22:59:03 | 000,004,442 | ---- | C] () -- C:\WINXP\System32\drivers\TPPWRIF.SYS

[2010.03.17 22:01:25 | 000,004,608 | ---- | C] () -- C:\WINXP\System32\drivers\TSMAPIP.SYS

[2009.08.14 11:47:34 | 002,854,976 | ---- | C] () -- C:\WINXP\System32\btwicons.dll

[2007.06.19 14:13:40 | 000,000,380 | ---- | C] () -- C:\WINXP\System32\IPSCtrl.INI

[2007.01.29 11:36:32 | 000,025,169 | ---- | C] () -- C:\WINXP\System32\PROCDB.INI

[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINXP\System32\BTNeighborhood.dll.manifest

[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINXP\System32\btcss.dll.manifest

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINXP\System32\lcppn21.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9

< End of report >

--- --- ---

Bin gespannt auf deine Antwort!
Liebe Grüße, Reinhard

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKCU..\Run: [Urijubemobel] C:\WINXP\qlapiant.DLL File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell - "" = AutoRun

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell\Auto\command - "" = serivces.exe

O33 - MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

[2010.07.22 01:55:30 | 000,016,384 | -H-- | M] () -- D:\SZKGFS.dat

[2010.07.22 01:55:30 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hi Arne, habe deinen Code durch OTL laufen lassen, der Pc hat in der Tat neu gestartet:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Urijubemobel deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{567b3718-53b9-11df-be87-001c259079ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{567b3718-53b9-11df-be87-001c259079ed}\ not found.
File serivces.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{567b3718-53b9-11df-be87-001c259079ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{567b3718-53b9-11df-be87-001c259079ed}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
D:\SZKGFS.dat moved successfully.
C:\SZKGFS.dat moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
C:\WINXP\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 32352497 bytes
->Temporary Internet Files folder emptied: 45742554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92578128 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3823 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3401209 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 26 bytes
->Flash cache emptied: 3608 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6267922 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 14477831 bytes

Total Files Cleaned = 186,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 07262010_214503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Hallo Arne,

habe alle 3 Programme heruntergeladen und ausgeführt. Da sich GMER 2x beim scannen der Partition D (auf meinem PC befinden sich dort die Eigene Dateien Ordner) aufgehängt hat, habe ich beim 3. Scan nur Partition C (auf meinem PC befindet sich dort Windows, Programme und Desktop) scannen lassen.
Hier die GMER Logfile:

GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-07-29 23:59:33

Windows 5.1.2600 Service Pack 3

Running: pov8l29m.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pxtdqpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            spvg.sys                                                                                                             ZwCreateKey [0xB9EA80E0]

SSDT            spvg.sys                                                                                                             ZwEnumerateKey [0xB9EC6CA2]

SSDT            spvg.sys                                                                                                             ZwEnumerateValueKey [0xB9EC7030]

SSDT            spvg.sys                                                                                                             ZwOpenKey [0xB9EA80C0]

SSDT            spvg.sys                                                                                                             ZwQueryKey [0xB9EC7108]

SSDT            spvg.sys                                                                                                             ZwQueryValueKey [0xB9EC6F88]

SSDT            spvg.sys                                                                                                             ZwSetValueKey [0xB9EC719A]
 

INT 0x62        ?                                                                                                                    89E42BF8

INT 0x63        ?                                                                                                                    89C30F00

INT 0x73        ?                                                                                                                    89C30F00

INT 0x82        ?                                                                                                                    89E42BF8

INT 0x83        ?                                                                                                                    89C30F00

INT 0x84        ?                                                                                                                    89C30F00

INT 0x84        ?                                                                                                                    89C30F00

INT 0x94        ?                                                                                                                    89C30F00

INT 0xA4        ?                                                                                                                    89C30F00

INT 0xB4        ?                                                                                                                    89C30F00
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               spvg.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !

.text           USBPORT.SYS!DllUnload                                                                                                B96098AC 5 Bytes  JMP 89C304E0 

.text           a2d1gova.SYS                                                                                                         B8F90386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text           a2d1gova.SYS                                                                                                         B8F903AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text           a2d1gova.SYS                                                                                                         B8F903C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}

.text           a2d1gova.SYS                                                                                                         B8F903C9 1 Byte  [2E]

.text           a2d1gova.SYS                                                                                                         B8F903C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]

.text           ...                                                                                                                  
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [B9EA9040] spvg.sys

IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [B9EA913C] spvg.sys

IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B9EA90BE] spvg.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B9EA97FC] spvg.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B9EA96D2] spvg.sys

IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [B9EB9048] spvg.sys

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KfAcquireSpinLock]                                                 C0840CEC

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!READ_PORT_UCHAR]                                                   053C0D74

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KeGetCurrentIrql]                                                  57B80974

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KfRaiseIrql]                                                       8B000000

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KfLowerIrql]                                                       56C35DE5

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!HalGetInterruptVector]                                             8D08758B

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!HalTranslateBusAddress]                                            8D51FC4D

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KeStallExecutionProcessor]                                         8D52FD55

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!KfReleaseSpinLock]                                                 8D51FE4D

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                           8D52FF55

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!READ_PORT_USHORT]                                                  8D51F84D

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          5052F455

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  EACAE856

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[WMILIB.SYS!WmiSystemControl]                                               0FC08520

IAT             \SystemRoot\System32\Drivers\a2d1gova.SYS[WMILIB.SYS!WmiCompleteRequest]                                             0001B185
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress]                                    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                           [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                             [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                             [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                             [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                           [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                           [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                             [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT             C:\WINXP\Explorer.EXE[2184] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                               89E411F8

Device          \FileSystem\Fastfat \FatCdrom                                                                                        880BF1F8
 

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                             avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     89C2E1F8

Device          \Driver\usbehci \Device\USBPDO-1                                                                                     89C4C1F8

Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     89C2E1F8

Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     89C2E1F8

Device          \Driver\PCI_PNP7400 \Device\00000054                                                                                 spvg.sys

Device          \Driver\sptd \Device\1659117400                                                                                      spvg.sys

Device          \Driver\usbehci \Device\USBPDO-4                                                                                     89C4C1F8
 

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     89C2E1F8

Device          \Driver\usbuhci \Device\USBPDO-6                                                                                     89C2E1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               89DD31F8

Device          \Driver\Cdrom \Device\CdRom0                                                                                         89BA31F8

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                               89DD31F8

Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                               89DD31F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                          [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              888651F8

Device          \Driver\NetBT \Device\NetBT_Tcpip_{66D1AFFF-113C-4719-987F-685CECC62069}                                             888651F8

Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     888651F8
 

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 

Device          \Driver\NetBT \Device\NetBT_Tcpip_{5C6D172F-8E5A-4CE9-8D3B-6B3A85C69EE5}                                             888651F8
 

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     89C2E1F8

Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     89C2E1F8

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    888571F8

Device          \Driver\usbehci \Device\USBFDO-2                                                                                     89C4C1F8

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          888571F8

Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     89C2E1F8

Device          \Driver\usbuhci \Device\USBFDO-4                                                                                     89C2E1F8

Device          \Driver\Ftdisk \Device\FtControl                                                                                     89DD31F8

Device          \Driver\usbuhci \Device\USBFDO-5                                                                                     89C2E1F8

Device          \Driver\usbehci \Device\USBFDO-6                                                                                     89C4C1F8

Device          \Driver\a2d1gova \Device\Scsi\a2d1gova1                                                                              89B60498

Device          \FileSystem\Fastfat \Fat                                                                                             880BF1F8
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

Device          \FileSystem\Cdfs \Cdfs                                                                                               89A9E1F8
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x76 0x1D 0x7D 0x49 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xFE 0x20 0x3E 0x12 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x54 0x0E 0xCB 0xE1 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x76 0x1D 0x7D 0x49 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xFE 0x20 0x3E 0x12 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x54 0x0E 0xCB 0xE1 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

**************************

Hier die OSAM Logfile:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 01:18:19 on 30.07.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"btcpl.cpl" - "Broadcom Corporation." - C:\WINXP\system32\btcpl.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINXP\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl

"javacpl.cpl" - "Oracle" - C:\WINXP\system32\javacpl.cpl

"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINXP\system32\PWMCPl.cpl

"TpShCPL.cpl" - "Lenovo." - C:\WINXP\system32\TpShCPL.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"a48i7dur" (a48i7dur) - "Microsoft Corporation" - C:\WINXP\system32\drivers\a48i7dur.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"ANC" (ANC) - "IBM Corp." - C:\WINXP\System32\drivers\ANC.SYS

"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINXP\System32\DRIVERS\ApsHM86.sys

"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\WINXP\System32\Drivers\avgldx86.sys

"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\WINXP\System32\Drivers\avgtdix.sys

"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\WINXP\System32\Drivers\avgmfx86.sys

"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys  (File not found)

"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINXP\System32\DRIVERS\DozeHDD.sys

"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys  (File not found)

"IBMTPCHK" (IBMTPCHK) - ? - C:\WINXP\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)

"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINXP\System32\Drivers\PxHelp20.sys

"Shockprf" (Shockprf) - "Lenovo." - C:\WINXP\System32\DRIVERS\Apsx86.sys

"Shrew Soft Miniport Filter" (pflt) - "Shrew Soft Inc" - C:\WINXP\System32\DRIVERS\vfilter.sys

"Shrew Soft Virtual Adapter" (vnet) - "Shrew Soft Inc" - C:\WINXP\System32\DRIVERS\virtualnet.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINXP\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"TPPWRIF" (TPPWRIF) - ? - C:\WINXP\System32\drivers\Tppwrif.sys  (File found, but it contains no detailed information)

"TSMAPIP" (TSMAPIP) - ? - C:\WINXP\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgpp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgse.dll

{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINXP\system32\BTNEIG~1.DLL

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINXP\system32\btncopy.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINXP\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgssie.dll

{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Digital Line Detect.lnk" - "Avanquest Software " - C:\Programme\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)

"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - ? - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"ACTray" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

"ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG9\avgtray.exe

"AwaySch" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwaySch.EXE

"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent

"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

"LENOVO.TPFNF6R" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe

"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

"LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

"TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r

"TPHOTKEY" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

"TPKMAPHELPER" - "Lenovo" - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper

"TpShocks" - "Lenovo." - TpShocks.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINXP\system32\bthcrp.dll

"PDFCreator" - ? - C:\WINXP\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)

"AVG Free E-mail Scanner" (avg9emc) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgemc.exe

"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgwdsvc.exe

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll

"Google Update Service (gupdate1cad394c96e7d84)" (gupdate1cad394c96e7d84) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"IBM KCU Service" (TpKmpSVC) - ? - C:\WINXP\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)

"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe

"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe

"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe

"IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINXP\system32\IPSSVC.EXE

"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe

"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE

"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe

"ShrewSoft DNS Proxy Daemon" (dtpd) - ? - C:\Programme\ShrewSoft\VPN Client\dtpd.exe  (File found, but it contains no detailed information)

"ShrewSoft IKE Daemon" (iked) - ? - C:\Programme\ShrewSoft\VPN Client\iked.exe  (File found, but it contains no detailed information)

"ShrewSoft IPSEC Daemon" (ipsecd) - ? - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe  (File found, but it contains no detailed information)

"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINXP\System32\TPHDEXLG.exe

"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"avgrsstarter" - "AVG Technologies CZ, s.r.o." - C:\WINXP\system32\avgrsstx.dll

"tpfnf2" - ? - C:\Programme\Lenovo\HOTKEY\notifyf2.dll  (File found, but it contains no detailed information)

"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

**********************************

Hier noch der komplette bootkit-remover Output:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000'00007e00
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

Size Device Name MBR Status
------------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;

Liebe Grüße,

Reinhard

Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:

Code:

remover.exe fix \\.\PhysicalDrive0

Hallo Arne,

habe die Datei kopiert und ausgeführt, allerdings habe ich nur den Ordner C:\WINXP\system32 (nicht C:\windows\system32) gefunden.

Hier der Output:

Bootkit Remover
.
.
.
Os Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive0...
OK

Done;
Press any key to quit...

Liebe Grüße,

Reinhard

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hi Arne, sorry, dass ich mich so lange nicht gemeldet habe! Bin diese Woche umgezogen, aber habe es nun endlich geschaft, die software runterzuladen und auszuführen, es sieht allerdings nicht so gut aus. Malwarebytes hat irgendwas gefunden:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4402

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.08.2010 16:08:32
Malwarebytes_Log_2010_08_07

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 243531
Laufzeit: 39 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\usernt.dat (Malware.Trace) -> No action taken.

Ich habe die malware.trace infektion dann von malwarebytes beheben lassen.
Danach habe ich noch SuperAntispyware ausgeführt, welcher noch 2 Tracking-Cookies identifiziert hat (es gab allerdings keine Log-file, oder ich habe sie übersehen). Muss ich jetzt alles wiederholen??

Liebe Grüße,

Reinhard

Das sind nur Überreste gewesen und die Tracking Cookies sind eh harmlos.
Noch Probleme oder weitere Funde in der Zwischenzeit?