Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)

Peter82 29.03.2011 20:41

Windows Diagnostic - BITTE Hilfe beim entfernen
 
Hello everyone,

Unfortunately, I too have fallen victim to Windows Diagnostic.

Besides the annoying error messages, my desktop is also empty or "deleted", and with it all my private files.

I have also read up on how to get rid of it. However, I am not experienced enough with IT to manage this without YOUR help.

I already have the malware scan running and am googling my way through the topic, but I don't really understand any of it. So please give me individual instructions as well.

Once the scan has finished, I will post it here and then run the OTL system scan.

Do other programs (e.g. Antivir, Mozilla) need to be closed/terminated for these scans?

Many thanks in advance!!!
Regards, Peter82

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.03.2011 21:26:12
mbam-log-2011-03-24 (21-26-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 277329
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe (Trojan.SpyEyes) -> Value: RestorPoint.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43310856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\InFo\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\6UJV0ZQ7\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

OTL Logfile:

OTL logfile created on: 29.03.2011 21:50:09 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\InFo\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 61,08 Gb Free Space | 44,32% Space Free | Partition Type: NTFS
Drive D: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF1.02
Drive Q: | 9,77 Gb Total Space | 3,93 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: INFO-PC | User Name: InFo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\InFo\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Platte\Programme\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Platte\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe (Lenovo)
PRC - C:\Programme\Lenovo\Camera Center\bin\LenovoCameraCenter.exe (Lenovo)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - c:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\InFo\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SessionLauncher) --  File not found
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (AntiVirService) -- C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LFKAS) -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (lxdiCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe ()
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Platte\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (lnvomdm2) -- C:\Windows\System32\drivers\lnvomdm2.sys (MCCI Corporation)
DRV - (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM) -- C:\Windows\System32\drivers\lnvounic.sys (MCCI Corporation)
DRV - (lnvomdm) -- C:\Windows\System32\drivers\lnvomdm.sys (MCCI Corporation)
DRV - (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS) -- C:\Windows\System32\drivers\lnvond5.sys (MCCI Corporation)
DRV - (lnvomdfl2) -- C:\Windows\System32\drivers\lnvomdfl2.sys (MCCI Corporation)
DRV - (lnvocard) -- C:\Windows\System32\drivers\lnvocard.sys (MCCI Corporation)
DRV - (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM) -- C:\Windows\System32\drivers\lnvobus.sys (MCCI Corporation)
DRV - (lnvomdfl) -- C:\Windows\System32\drivers\lnvomdfl.sys (MCCI Corporation)
DRV - (Sony_EricssonWWSC) -- C:\Windows\System32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS ()
DRV - (lnvogps) -- C:\Windows\System32\drivers\lnvogps.sys (Ericsson AB)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (PCD5SRVC{DF187064-5DA14001-05040000}) -- C:\Programme\PCDR5\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBSTK.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lenovo | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.06.19 09:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Platte\Programme\Firefox\components [2011.03.25 17:40:10 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Platte\Programme\Firefox\plugins [2011.03.25 17:40:11 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.05 16:21:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.26 22:29:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Extensions
[2010.03.26 22:29:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.29 20:17:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Firefox\Profiles\k6sivo2g.default\extensions
[2011.03.14 21:24:54 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\InFo\AppData\Roaming\mozilla\Firefox\Profiles\k6sivo2g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg
O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.27 14:47:22 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF1.02 ]
O32 - AutoRun File - [2007.10.04 00:36:21 | 001,528,743 | R--- | M] () - D:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2007.08.01 15:00:31 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008.06.10 14:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.02 20:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell - "" = AutoRun
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.06.06 17:59:28 | 000,163,840 | -HS- | M] ()
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.06.10 03:34:18 | 000,221,184 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.10.04 00:36:21 | 001,528,743 | R--- | M] ()
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 21:25:03 | 000,000,000 | ---D | C] -- C:\Users\InFo\AppData\Roaming\Malwarebytes
[2011.03.24 21:24:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.24 21:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.24 21:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.24 21:24:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.24 21:24:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.21 23:03:59 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Desktop\Neuer Ordner (2)
[2011.03.21 22:09:40 | 000,000,000 | -H-D | C] -- C:\Users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.20 11:51:52 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Desktop\USA
[2011.03.14 18:55:39 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Documents\Bluetooth-Exchange-Ordner
[2011.03.14 18:55:38 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Bluetooth Software
[2009.06.28 15:28:57 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009.06.28 15:28:57 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009.06.28 15:28:57 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009.06.28 15:28:57 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009.06.28 15:28:57 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009.06.28 15:28:57 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009.06.28 15:28:57 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009.06.28 15:28:57 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009.06.28 15:28:57 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009.06.28 15:28:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009.06.28 15:28:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009.06.28 15:28:56 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009.06.28 15:28:56 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009.06.28 15:28:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009.06.28 15:28:56 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[1 C:\Users\InFo\Desktop\*.tmp files -> C:\Users\InFo\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.29 21:47:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.29 21:47:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.29 21:34:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.03.29 20:10:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D93FDFF5-A721-4482-B7E8-ACA72C7C98A8}.job
[2011.03.29 20:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.27 17:51:44 | 2111,098,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.27 14:50:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.27 10:58:13 | 000,685,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.27 10:58:13 | 000,642,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.27 10:58:13 | 000,151,132 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.27 10:58:13 | 000,122,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.24 21:24:55 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 22:09:43 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011.03.21 22:09:43 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
[2011.03.21 22:09:40 | 000,000,597 | -H-- | M] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 22:09:38 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43310856
[2011.03.20 13:47:09 | 000,093,329 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
[2011.03.20 13:30:13 | 000,093,184 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Bernard.pdf
[2011.03.14 19:07:11 | 000,000,194 | -H-- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[1 C:\Users\InFo\Desktop\*.tmp files -> C:\Users\InFo\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.24 21:24:55 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 23:02:11 | 2111,098,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.21 22:09:43 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43310856r
[2011.03.21 22:09:43 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856
[2011.03.21 22:09:40 | 000,000,597 | -H-- | C] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 22:09:38 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43310856
[2011.03.20 13:47:08 | 000,093,329 | -H-- | C] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
[2011.03.20 13:30:12 | 000,093,184 | -H-- | C] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Bernard.pdf
[2010.08.06 18:18:58 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.08.06 18:18:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.08.06 18:18:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.08.06 18:18:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.08.06 18:18:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.08.06 18:18:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.08.06 18:18:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.08.06 18:18:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.08.06 18:18:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.08.06 18:18:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.08.06 18:18:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.08.06 18:18:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.08.06 18:18:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.08.06 18:18:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.08.06 18:18:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.08.06 18:18:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.08.06 18:18:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.08.06 18:18:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.08.06 18:18:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.08.28 20:04:53 | 000,000,680 | -H-- | C] () -- C:\Users\InFo\AppData\Local\d3d9caps.dat
[2009.06.28 15:57:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.28 15:57:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.06.28 15:28:57 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009.06.28 15:28:57 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.09 20:01:56 | 000,006,144 | -H-- | C] () -- C:\Users\InFo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 15:47:11 | 000,000,092 | -H-- | C] () -- C:\Users\InFo\AppData\Local\fusioncache.dat
[2008.12.27 02:36:25 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2008.12.26 18:20:14 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2008.12.26 18:19:25 | 000,061,440 | R--- | C] () -- C:\Windows\System32\AABATT.dll
[2008.12.26 18:15:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.12.26 18:15:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.12.26 18:15:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.12.26 18:15:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.12.26 18:15:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.12.26 18:15:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.12.26 18:12:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008.12.26 18:12:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008.12.26 18:00:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.12.26 18:00:44 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.12.26 18:00:43 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.12.26 18:00:43 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.12.26 18:00:42 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.12.26 17:57:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.26 17:55:10 | 000,522,256 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK1.sys
[2008.12.26 17:55:10 | 000,278,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK0.sys
[2008.12.26 17:55:10 | 000,176,528 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK.sys
[2008.12.26 17:55:10 | 000,145,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK2.sys
[2008.12.26 17:55:10 | 000,017,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK3.sys
[2008.12.26 17:55:09 | 000,055,824 | ---- | C] () -- C:\Windows\CamUnist.exe
[2008.12.26 17:49:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.04.16 19:59:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 19:59:46 | 000,685,868 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 19:59:46 | 000,151,132 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 19:59:46 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 04:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008.01.21 04:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.04.16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007.03.30 10:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007.03.23 15:44:46 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007.02.09 14:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007.01.23 19:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,413,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,654 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.06.19 09:01:20 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Bytemobile
[2009.08.19 15:49:30 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Cisco
[2009.04.18 20:25:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools
[2009.04.18 20:26:02 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools Lite
[2009.04.18 20:25:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools Pro
[2010.11.28 11:50:21 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\ICQ
[2009.04.10 15:04:52 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Leadertech
[2009.04.10 14:20:43 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Lenovo
[2009.06.28 15:35:58 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Lexmark Productivity Studio
[2009.04.15 15:43:53 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\T-Online
[2011.03.25 17:47:30 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\temp
[2010.03.26 22:29:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Thunderbird
[2010.06.19 09:01:34 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Vodafone
[2010.06.19 09:15:50 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Vodafone Mobile Connect
[2011.03.29 21:34:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.03.27 14:50:21 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.29 20:10:21 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D93FDFF5-A721-4482-B7E8-ACA72C7C98A8}.job
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---


OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.03.2011 21:50:09 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\InFo\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 61,08 Gb Free Space | 44,32% Space Free | Partition Type: NTFS
Drive D: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF1.02
Drive Q: | 9,77 Gb Total Space | 3,93 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: INFO-PC | User Name: InFo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Platte\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Platte\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Platte\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DF2F71D-24A1-45B8-AD4F-812A936D11B2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{46F6892A-A410-4216-9176-64265B6B91D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{667867AB-0960-4824-934C-AC68E303EFA1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A19FA8CC-B0C6-4D2E-9FA2-8A08215A8CF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B053695E-E148-447E-8F08-26DFE0B5D9D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B1D476F0-7DB7-4238-A7CB-2D495134143A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8C49683-F7D9-4A95-BF6D-BB0386FAA32F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC40B384-7632-42FF-B0E5-0F522DE9123F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2550FE6-283A-47F4-9483-909C9F39EA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD9BF03-D668-42F3-9EB9-8D12F04953E4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{23BD4D33-2E06-490C-AF91-F750EA635199}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{2FEA0712-1E25-408A-B24B-35B4ABB5BAD1}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{3D0510DD-9100-4089-915B-A87D7265A0D4}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{52ACADBF-3B48-4D12-8A3C-DB97FADF1F99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{530E5EF2-EF0D-4A30-8C4F-DA767CC72FD5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{5B6D1134-A66C-4E70-B35C-BBA10AE7327C}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{6EC36D40-907F-47E3-9766-3D247BB6BC50}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{6FB6C32D-A8FD-4D96-837E-D4F3C85A4838}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{80AC7ABE-A826-4F31-8702-BCC648F6A259}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D6C3D93-B673-43E7-9426-0D5B41009452}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{D5270E69-35DD-4A3E-9B82-0BC4034FF6A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{E7815F57-19CD-4FC8-86B7-A33F72B33406}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{EC338C79-6532-45CE-A207-0EBC425BE8DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F69DDB9E-64C9-470E-87FB-EC30C72BD061}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"TCP Query User{19BB69A5-86EE-49F2-AB58-B72DF3EC9F32}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{29D34CE9-D8BA-4482-A293-BB2AF0FAD921}C:\platte\spiele\gp3\gp3.exe" = protocol=6 | dir=in | app=c:\platte\spiele\gp3\gp3.exe |
"TCP Query User{8C6E7E55-203E-415B-B979-0D188B9C7AF5}C:\platte\spiele\kart\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\platte\spiele\kart\game\moorhuhn_kart3.exe |
"TCP Query User{996E71A8-F27C-4FDE-A1B0-94F7679F8108}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{AB456425-18B0-4733-9893-1E1E29F7581E}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"TCP Query User{B8813E54-259C-442F-9F52-254A6E2C8C2E}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"TCP Query User{D424A494-6BE4-4305-986C-ADAC1D74C3F7}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe |
"UDP Query User{25CD73FB-24BA-4ABA-AD99-BF7F08B38C0B}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"UDP Query User{29718E64-F280-458E-A944-4888AF101CC0}C:\platte\spiele\gp3\gp3.exe" = protocol=17 | dir=in | app=c:\platte\spiele\gp3\gp3.exe |
"UDP Query User{9050DB3B-E36E-48BF-AC92-A4A4AC2AE44F}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"UDP Query User{91BE120C-25B2-45C4-A0C3-8DF25E33F340}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{BB1223E7-88CE-404A-BA75-3FE5F4528E22}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe |
"UDP Query User{D0B0F59D-DC63-4A22-93EE-8D272F51648D}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{DB8D5685-9A58-4B95-9C95-392FB1A9AAEE}C:\platte\spiele\kart\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\platte\spiele\kart\game\moorhuhn_kart3.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500
"{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package
"{05860BD6-2B3C-4B16-A300-964403ACF13C}" = ThinkVantage GPS
"{061A431C-86E7-4DB4-92B8-36DE783865CF}" = Integrated Camera
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08163A7B-A683-4201-9166-BA4E65D263ED}" = Mobile Broadband Connect
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{42B49E02-8422-4B41-BABA-2B282E997462}" = Moorhuhn Kart 3 Demo
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7A36FE6E-66C2-11D4-BE67-0000B4A81FCD}" = Grand Prix 3-Demo
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852AFD2D-07CC-46FD-A159-671102782771}" = Intel(R) PROSet/Wireless WiFi-Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CECB23C-F4BC-4FDA-A306-E544A216176A}" = ThinkVantage Status Gadget
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB7B2324-1C73-4FC0-B766-4EEB0A3753AF}" = Airfix Dogfighter DEMO
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D9F50DFC-5894-460A-9B14-44889BF42DFB}" = Cisco AnyConnect VPN Client
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CheckerBoard_is1" = CheckerBoard 1.65
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.23.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PDF Blender" = PDF Blender
"Power Management Driver" = ThinkPad Power Management Driver for SL Series
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 0.9.9
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus 30.03.2011 20:23

Please download unhide.exe and save the file to your Desktop.

Run the tool, and all files and folders should become visible again. (This may take a while.)


Are there any other Malwarebytes logs? If so, please post all of the ones shown in Malwarebytes under the Log Files tab.
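To make the hidden-attribute symptom concrete, here is an added Python example (not part of this thread and not code from OTL or unhide.exe) that parses OTL file entries in the format shown in the log above and flags what a helper would look at first: user files carrying the hidden attribute (the symptom unhide.exe reverses) and the rogue's own artefacts as they appear in this log. The function names are my own, and the numeric-name heuristic and the sample lines are taken from the log above, not from a published signature.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file entry looks like this (copied from the log above):
#   [2011.03.20 13:47:09 | 000,093,329 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
# Fields: timestamp | size with thousands separators | attribute flags in the
# order R(ead-only) H(idden) S(ystem) D(irectory) | M(odified)/C(reated), then
# an optional "(company)" and the path; LOP-check lines omit the company field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Artefacts the rogue left in this thread's log: pure-digit files in ProgramData
# (plus "~"-prefixed / trailing-letter variants) and the "Windows Diagnostic"
# shortcut. The digit pattern is a heuristic read off the log above, not a
# signature for every variant of this rogue.
ROGUE_DATA_RE = re.compile(r"^~?\d{6,}[a-z]?$", re.IGNORECASE)
ROGUE_LABEL = "windows diagnostic"


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    hidden: bool
    system: bool
    directory: bool
    kind: str      # "M" = modified within the window, "C" = created within it
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def is_user_document(e: OtlEntry) -> bool:
    """A plain file under C:\\Users\\ outside AppData (Desktop, Documents, ...)."""
    p = e.path.lower()
    return (p.startswith("c:\\users\\") and "\\appdata\\" not in p
            and not e.directory and not e.system)


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for the entries a helper would look at first.

    "hidden user file": the rogue set the hidden attribute on the user's own
    files, which is why the Desktop looked empty; unhide.exe clears it again.
    "rogue data file" / "rogue shortcut": the artefacts listed above.
    """
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if ROGUE_LABEL in e.name.lower():
            findings.append(("rogue shortcut", e.path))
        elif "\\programdata\\" in e.path.lower() and ROGUE_DATA_RE.match(e.name):
            findings.append(("rogue data file", e.path))
        elif e.hidden and is_user_document(e):
            findings.append(("hidden user file", e.path))
    return findings


# Sample input: lines taken from the "Files - Modified Within 30 Days" and
# "LOP Check" sections of the OTL log above (raw string, backslashes verbatim).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011.03.29 20:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 21:24:55 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 22:09:43 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011.03.21 22:09:40 | 000,000,597 | -H-- | M] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 22:09:38 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43310856
[2011.03.20 13:47:09 | 000,093,329 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
[2009.08.28 20:04:53 | 000,000,680 | -H-- | C] () -- C:\Users\InFo\AppData\Local\d3d9caps.dat
[2010.06.19 09:01:20 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Bytemobile
"""
```

Run `triage()` over the whole OTL log split into lines; headers and other non-entry lines are skipped, and hidden items under AppData (normal for Windows) are not reported.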

Peter82 31.03.2011 08:54

First of all, thanks for the quick reply.

When I'm home this afternoon I'll run the tool right away, run the Malwarebytes scan again and post it! But I haven't done anything yet apart from the scans with Malwarebytes and OTL! Don't I have to do something else to remove the Trojan? The forum also mentions a program called "rkill.exe"; doesn't that have to be run?

I don't want the Trojan still lurking somewhere in the system. Right now I don't dare to enter my password anywhere on the internet. I hope I can get this sorted out with your help. THANKS!

cosinus 31.03.2011 13:31

Quote:

But I haven't done anything yet apart from the scans with Malwarebytes and OTL! Don't I have to do something else to remove the Trojan? The forum also mentions a program called "rkill.exe"; doesn't that have to be run?
Please be patient!! I didn't write anywhere that we'd be done after unhide!
Besides, I asked whether you have any other Malwarebytes logs.

Peter82 31.03.2011 13:51

Then please excuse my impatience! I'm in the middle of my thesis and now this trouble ;o)

No, no other logs from Malwarebytes!
I'll be home shortly and will run the tool right away.

Peter82 31.03.2011 16:35

Hi,
I ran unhide successfully and my Desktop and Users folder are visible again. Great!!!

So far I only have one Malwarebytes log, and I had posted it. I'll run Malwarebytes again now and can then post the new log afterwards.
Otherwise I'll wait for further instructions!

Many thanks in advance. :applaus:

cosinus 31.03.2011 17:41

Yes, please do a full scan, but update Malwarebytes first!!

Peter82 31.03.2011 18:58

Malwarebytes done.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6228

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.03.2011 19:53:26
mbam-log-2011-03-31 (19-53-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 278080
Laufzeit: 1 Stunde(n), 0 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 31.03.2011 19:17

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.27 14:47:22 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF1.02 ]
O32 - AutoRun File - [2007.10.04 00:36:21 | 001,528,743 | R--- | M] () - D:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2007.08.01 15:00:31 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008.06.10 14:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.02 20:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell - "" = AutoRun
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.06.06 17:59:28 | 000,163,840 | -HS- | M] ()
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.06.10 03:34:18 | 000,221,184 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.10.04 00:36:21 | 001,528,743 | R--- | M] ()
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
[2011.03.21 22:09:43 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43310856r
[2011.03.21 22:09:43 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856
[2011.03.21 22:09:40 | 000,000,597 | -H-- | C] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 22:09:38 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43310856
O4 - HKLM..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
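
The fix script above touches four things a defender can verify independently: the Cdrom AutoRun value under HKLM, the per-volume AutoRun handlers Explorer caches under HKCU\...\MountPoints2, autorun.inf files in drive roots, and hidden files dropped straight into %ProgramData% (plus the hosts file via [resethosts]). The following PowerShell script is an added example, not OTL and not from the thread; it only reads and reports those items, so it can be run before the fix to confirm what will be changed and after it to confirm the change took effect. The 30-day window for "recently created" is an assumption.

```powershell
# Added example: read-only audit of the autorun surface that the OTL fix
# above touches. Not OTL and not from the thread; illustration only.
# Assumption: $Days bounds the "recently created hidden file" check.
param([int]$Days = 30)

$hidden = [IO.FileAttributes]::Hidden

function Get-CdromAutoRun {
    # HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun: 1 = enabled (default), 0 = disabled
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
    (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
}

function Get-MountPointAutoRunHandler {
    # Explorer keeps one MountPoints2\{volume-guid} key per volume it has seen;
    # a Shell\AutoRun\command subkey means a program is wired to the AutoRun verb.
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }
    }
}

function Get-DriveAutorunInf {
    # autorun.inf in a drive root is what the cached handlers above point at.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $inf = Join-Path -Path $_.Root -ChildPath 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $f = Get-Item -LiteralPath $inf -Force   # -Force: the file is usually hidden
            [pscustomobject]@{
                Drive      = $_.Root
                Attributes = $f.Attributes
                Modified   = $f.LastWriteTime
            }
        }
    }
}

function Get-RecentHiddenProgramData {
    # The rogue dropped hidden files straight into %ProgramData% (see the
    # "[2011.03.21 ...] C:\ProgramData\..." lines of the fix); look for that pattern.
    param([int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            (($_.Attributes -band $hidden) -ne 0) -and
            $_.CreationTime -ge $cutoff
        } |
        Select-Object FullName, Length, CreationTime
}

function Get-HostsEntry {
    # Non-comment lines of the hosts file; [resethosts] in the fix empties these.
    $hosts = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
}

Write-Output ("Cdrom AutoRun = {0}" -f (Get-CdromAutoRun))
Write-Output "`n-- MountPoints2 AutoRun handlers --"
Get-MountPointAutoRunHandler | Format-Table -AutoSize | Out-String
Write-Output "`n-- autorun.inf in drive roots --"
Get-DriveAutorunInf | Format-Table -AutoSize | Out-String
Write-Output "`n-- hidden files created in ProgramData in the last $Days days --"
Get-RecentHiddenProgramData -Days $Days | Format-Table -AutoSize | Out-String
Write-Output "`n-- active hosts entries --"
Get-HostsEntry
```

Vendor drive tools such as the LenovoQDrive.exe and LenovoSDrive.exe handlers in the fix script are expected to appear in the MountPoints2 list; the point of the audit is the entries that point at removable media or at files that no longer exist.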

Peter82 31.03.2011 20:24

The OTL fix has also been run.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Programme\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d7380fa-3268-11df-9e7f-001f1607309d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d7380fa-3268-11df-9e7f-001f1607309d}\ not found.
File G:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8511a56-3caa-11df-9317-001f1607309d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8511a56-3caa-11df-9317-001f1607309d}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8511a56-3caa-11df-9317-001f1607309d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8511a56-3caa-11df-9317-001f1607309d}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CollaborationHost not found.
File move failed. C:\Windows\System32\p2phost.exe scheduled to be moved on reboot.
File C:\ProgramData\~43835144r not found.
File C:\ProgramData\~43835144 not found.
File C:\Users\martina\Desktop\Windows Diagnostic.lnk not found.
File C:\ProgramData\43835144 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: InFo
->Temp folder emptied: 167860031 bytes
->Temporary Internet Files folder emptied: 142745310 bytes
->FireFox cache emptied: 75473274 bytes
->Flash cache emptied: 48014 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20374635 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 388,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03312011_211423

Files\Folders moved on Reboot...
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\p2phost.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 01.04.2011 11:29

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper ("Kompetenzler") has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Peter82 01.04.2011 14:20

Here is the ComboFix log:

Combofix Logfile:
Code:

ComboFix 11-03-31.04 - InFo 01.04.2011  14:52:54.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2013.1060 [GMT 2:00]
ausgeführt von:: c:\users\InFo\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\users\InFo\Desktop\Windows Diagnostic.lnk
c:\windows\system32\Thumbs.db
Q:\AUTORUN.INF
S:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-01 bis 2011-04-01  ))))))))))))))))))))))))))))))
.
.
2011-04-01 12:42 . 2011-04-01 12:43        --------        d-----w-        c:\program files\CCleaner
2011-03-31 19:14 . 2011-03-31 19:14        --------        d-----w-        C:\_OTL
2011-03-24 19:25 . 2011-03-24 19:25        --------        d-----w-        c:\users\InFo\AppData\Roaming\Malwarebytes
2011-03-24 19:24 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 19:24 . 2011-03-24 19:24        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-24 19:24 . 2011-03-24 19:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-24 19:24 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-14 16:55 . 2011-03-14 16:55        --------        d-----w-        c:\users\InFo\Bluetooth Software
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ICQ"="c:\platte\Programme\ICQ\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-07-10 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-06-15 595232]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-06-15 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-07-14 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-07-14 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"avgnt"="c:\platte\Programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-8-6 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-24 16:31        95496        ------w-        c:\windows\System32\psqlpwd.dll
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-24 253952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-20 116736]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 PCD5SRVC{DF187064-5DA14001-05040000};PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PCDR5\PCD5SRVC.pkms [2008-05-07 21280]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-18 717296]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\platte\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-13 108289]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-19 208896]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-06-15 66848]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-06-24 12560]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-03-27 58736]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-08-21 370872]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 DCamUSBGene;Integrated Camera;c:\windows\system32\DRIVERS\usbstk.sys [2008-03-17 176528]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-06-26 302464]
S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-06-26 377088]
S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-06-12 71720]
S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys [2008-06-26 15104]
S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-06-26 15104]
S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys [2008-06-26 385536]
S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-06-26 430080]
S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-06-26 25984]
S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-06-26 402944]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-06-26 24232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-01 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
2011-03-31 c:\windows\Tasks\User_Feed_Synchronization-{D93FDFF5-A721-4482-B7E8-ACA72C7C98A8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
FF - ProfilePath - c:\users\InFo\AppData\Roaming\Mozilla\Firefox\Profiles\k6sivo2g.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\platte\Programme\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-01 15:08
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\TEMP\TMP00000053A5A589FFD8BE10ED 524288 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\c:\progra~1\PCDR5\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(3880)
c:\windows\system32\btmmhook.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\Sensor.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\program files\Lenovo\ATK Hotkey\AGFNEX.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\platte\Programme\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\Bluetooth Software\BtStackServer.exe
c:\program files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-01  15:12:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-01 13:12
.
Vor Suchlauf: 17 Verzeichnis(se), 63.283.060.736 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 62.717.857.792 Bytes frei
.
- - End Of File - - 54E3F3077D5CF7938375566E99948728

--- --- ---

cosinus 01.04.2011 14:46

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Peter82 01.04.2011 16:31

2011/04/01 17:26:13.0765 5036 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 17:26:14.0529 5036 ================================================================================
2011/04/01 17:26:14.0529 5036 SystemInfo:
2011/04/01 17:26:14.0529 5036
2011/04/01 17:26:14.0529 5036 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/01 17:26:14.0529 5036 Product type: Workstation
2011/04/01 17:26:14.0529 5036 ComputerName: INFO-PC
2011/04/01 17:26:14.0529 5036 UserName: InFo
2011/04/01 17:26:14.0529 5036 Windows directory: C:\Windows
2011/04/01 17:26:14.0529 5036 System windows directory: C:\Windows
2011/04/01 17:26:14.0529 5036 Processor architecture: Intel x86
2011/04/01 17:26:14.0529 5036 Number of processors: 2
2011/04/01 17:26:14.0529 5036 Page size: 0x1000
2011/04/01 17:26:14.0529 5036 Boot type: Normal boot
2011/04/01 17:26:14.0529 5036 ================================================================================
2011/04/01 17:26:21.0456 5036 Initialize success
2011/04/01 17:27:03.0182 5716 ================================================================================
2011/04/01 17:27:03.0183 5716 Scan started
2011/04/01 17:27:03.0183 5716 Mode: Manual;
2011/04/01 17:27:03.0183 5716 ================================================================================
2011/04/01 17:27:04.0528 5716 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/01 17:27:04.0746 5716 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/01 17:27:04.0824 5716 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/01 17:27:05.0058 5716 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/01 17:27:05.0261 5716 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/01 17:27:05.0464 5716 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/01 17:27:05.0588 5716 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/01 17:27:05.0635 5716 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/01 17:27:05.0682 5716 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/01 17:27:05.0869 5716 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/01 17:27:05.0947 5716 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/01 17:27:06.0056 5716 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/01 17:27:06.0290 5716 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/01 17:27:06.0524 5716 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/01 17:27:06.0712 5716 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/01 17:27:06.0821 5716 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
2011/04/01 17:27:07.0024 5716 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/01 17:27:07.0117 5716 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/01 17:27:07.0258 5716 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Platte\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/01 17:27:07.0523 5716 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/01 17:27:07.0679 5716 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/01 17:27:07.0882 5716 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/01 17:27:08.0100 5716 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/01 17:27:08.0303 5716 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
2011/04/01 17:27:08.0365 5716 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/01 17:27:08.0537 5716 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/01 17:27:08.0584 5716 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/01 17:27:08.0708 5716 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/01 17:27:08.0771 5716 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/01 17:27:08.0802 5716 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/01 17:27:08.0958 5716 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/01 17:27:09.0098 5716 BthEnum (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/01 17:27:09.0176 5716 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/01 17:27:09.0286 5716 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/01 17:27:09.0364 5716 BTHPORT (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
2011/04/01 17:27:09.0504 5716 BTHUSB (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/01 17:27:09.0582 5716 btwaudio (f2f7342742180d5060285499dee50f99) C:\Windows\system32\drivers\btwaudio.sys
2011/04/01 17:27:09.0691 5716 btwavdt (32f59f26a30cfc508da11db3ea0f8b77) C:\Windows\system32\drivers\btwavdt.sys
2011/04/01 17:27:09.0769 5716 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/01 17:27:10.0019 5716 btwrchid (03658734ef7d0f3b3f4636d3e8a38964) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/01 17:27:10.0393 5716 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/01 17:27:10.0643 5716 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/01 17:27:11.0126 5716 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/01 17:27:11.0828 5716 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/01 17:27:12.0796 5716 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/01 17:27:13.0778 5716 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/01 17:27:14.0340 5716 CnxtHdAudService (9ee20b227083b6e8a0d1c61b2a122b0b) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/01 17:27:14.0480 5716 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/01 17:27:14.0527 5716 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/01 17:27:14.0574 5716 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/01 17:27:14.0714 5716 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/04/01 17:27:14.0855 5716 DCamUSBGene (ca4ebaaf5ecb8764af561959006a090c) C:\Windows\system32\DRIVERS\usbstk.sys
2011/04/01 17:27:14.0948 5716 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/01 17:27:15.0448 5716 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/01 17:27:15.0916 5716 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
2011/04/01 17:27:16.0462 5716 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
2011/04/01 17:27:17.0008 5716 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/04/01 17:27:17.0429 5716 DLADResM (dae193b1ddc6914f56b767a4f1406351) C:\Windows\system32\DLA\DLADResM.SYS
2011/04/01 17:27:17.0600 5716 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
2011/04/01 17:27:17.0819 5716 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
2011/04/01 17:27:18.0006 5716 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
2011/04/01 17:27:18.0256 5716 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/04/01 17:27:18.0427 5716 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
2011/04/01 17:27:18.0568 5716 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
2011/04/01 17:27:18.0708 5716 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/01 17:27:18.0817 5716 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/04/01 17:27:18.0942 5716 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/04/01 17:27:19.0020 5716 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/01 17:27:19.0192 5716 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/01 17:27:19.0379 5716 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/01 17:27:19.0675 5716 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/01 17:27:19.0862 5716 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/01 17:27:20.0065 5716 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/01 17:27:20.0455 5716 ewusbnet (921878114f48949cfae9abe6fc4c4cc3) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/01 17:27:20.0658 5716 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/01 17:27:20.0705 5716 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/01 17:27:21.0048 5716 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/01 17:27:21.0329 5716 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/01 17:27:21.0532 5716 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/01 17:27:21.0719 5716 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/01 17:27:21.0937 5716 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/01 17:27:22.0140 5716 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/01 17:27:22.0234 5716 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/01 17:27:22.0327 5716 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/01 17:27:22.0514 5716 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/01 17:27:22.0655 5716 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/01 17:27:22.0811 5716 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/01 17:27:22.0936 5716 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/01 17:27:22.0998 5716 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/01 17:27:23.0216 5716 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/01 17:27:23.0310 5716 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/01 17:27:23.0622 5716 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/01 17:27:23.0778 5716 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/04/01 17:27:23.0965 5716 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/04/01 17:27:24.0043 5716 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/01 17:27:24.0340 5716 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/01 17:27:24.0464 5716 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/01 17:27:24.0558 5716 iaStor (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/01 17:27:24.0808 5716 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/01 17:27:25.0010 5716 IBMPMDRV (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/04/01 17:27:25.0447 5716 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/01 17:27:25.0728 5716 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/01 17:27:26.0024 5716 IntcHdmiAddService (ab8b0206bcdff0ed03cec500fa03a32a) C:\Windows\system32\drivers\IntcHdmi.sys
2011/04/01 17:27:26.0212 5716 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/01 17:27:26.0430 5716 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/01 17:27:26.0524 5716 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/01 17:27:26.0898 5716 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/01 17:27:27.0085 5716 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/01 17:27:27.0132 5716 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/01 17:27:27.0288 5716 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/01 17:27:27.0382 5716 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/01 17:27:27.0740 5716 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/01 17:27:27.0990 5716 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/01 17:27:28.0349 5716 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/01 17:27:28.0692 5716 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/01 17:27:29.0066 5716 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/01 17:27:29.0285 5716 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
2011/04/01 17:27:29.0503 5716 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/01 17:27:29.0815 5716 lnvobus (7538b32e116a45af94c387020d6dcd67) C:\Windows\system32\DRIVERS\lnvobus.sys
2011/04/01 17:27:30.0034 5716 lnvocard (adcc841f2497dd0d867105d290581761) C:\Windows\system32\DRIVERS\lnvocard.sys
2011/04/01 17:27:30.0330 5716 lnvogps (751926cba81f6401e0f1dfb8dbdafba7) C:\Windows\system32\DRIVERS\lnvogps.sys
2011/04/01 17:27:30.0580 5716 lnvomdfl (eb16fa976446409c91c02a85a64dd2e6) C:\Windows\system32\DRIVERS\lnvomdfl.sys
2011/04/01 17:27:30.0720 5716 lnvomdfl2 (aef21f86930ddbea32565bac615a013f) C:\Windows\system32\DRIVERS\lnvomdfl2.sys
2011/04/01 17:27:30.0923 5716 lnvomdm (beb35ff781267423bbe0f08ed4eb4461) C:\Windows\system32\DRIVERS\lnvomdm.sys
2011/04/01 17:27:31.0110 5716 lnvomdm2 (9009a38391b069c3ca1f89f9e8816ff8) C:\Windows\system32\DRIVERS\lnvomdm2.sys
2011/04/01 17:27:31.0219 5716 lnvond5 (26cb19470899c44b49b4024babfc3bf8) C:\Windows\system32\DRIVERS\lnvond5.sys
2011/04/01 17:27:31.0469 5716 lnvounic (e0e3542a65e559819110f6b435d95e4d) C:\Windows\system32\DRIVERS\lnvounic.sys
2011/04/01 17:27:31.0703 5716 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/01 17:27:31.0874 5716 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/01 17:27:32.0046 5716 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/01 17:27:32.0202 5716 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/01 17:27:32.0452 5716 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/01 17:27:32.0686 5716 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/01 17:27:32.0951 5716 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/01 17:27:33.0169 5716 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/01 17:27:33.0372 5716 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/01 17:27:33.0590 5716 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/01 17:27:33.0778 5716 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/01 17:27:34.0090 5716 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/01 17:27:34.0230 5716 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/01 17:27:34.0448 5716 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/01 17:27:34.0823 5716 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/01 17:27:35.0104 5716 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/01 17:27:35.0384 5716 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/01 17:27:35.0556 5716 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/01 17:27:35.0634 5716 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/01 17:27:35.0774 5716 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/01 17:27:35.0821 5716 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/01 17:27:36.0055 5716 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/01 17:27:36.0196 5716 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/01 17:27:36.0336 5716 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/01 17:27:36.0430 5716 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/01 17:27:36.0554 5716 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/01 17:27:36.0726 5716 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/01 17:27:36.0804 5716 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/01 17:27:36.0960 5716 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/01 17:27:37.0069 5716 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
2011/04/01 17:27:37.0225 5716 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/01 17:27:37.0475 5716 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/01 17:27:37.0600 5716 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/01 17:27:37.0678 5716 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/01 17:27:37.0974 5716 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/01 17:27:38.0177 5716 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/01 17:27:38.0302 5716 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/01 17:27:38.0504 5716 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/01 17:27:38.0567 5716 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/01 17:27:39.0238 5716 NETw5v32 (840d89327c45b0cb9e1ab130249046e2) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/04/01 17:27:39.0503 5716 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/01 17:27:39.0706 5716 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/01 17:27:39.0940 5716 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/01 17:27:40.0205 5716 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/01 17:27:40.0470 5716 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/01 17:27:40.0704 5716 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/01 17:27:40.0985 5716 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/01 17:27:41.0250 5716 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/01 17:27:41.0515 5716 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/01 17:27:42.0030 5716 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/01 17:27:42.0233 5716 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/01 17:27:42.0280 5716 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/01 17:27:42.0326 5716 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/01 17:27:42.0436 5716 PCD5SRVC{DF187064-5DA14001-05040000} (77a76c2da7c9431024b299ef7700dd4f) C:\PROGRA~1\PCDR5\PCD5SRVC.pkms
2011/04/01 17:27:42.0638 5716 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/01 17:27:42.0826 5716 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/01 17:27:42.0997 5716 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/01 17:27:43.0231 5716 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/01 17:27:43.0481 5716 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/01 17:27:43.0762 5716 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/01 17:27:43.0964 5716 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
2011/04/01 17:27:44.0167 5716 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/01 17:27:44.0308 5716 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/01 17:27:44.0417 5716 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/01 17:27:44.0651 5716 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/01 17:27:44.0869 5716 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/01 17:27:45.0119 5716 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/01 17:27:45.0306 5716 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/01 17:27:45.0353 5716 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/01 17:27:45.0571 5716 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/01 17:27:45.0758 5716 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/01 17:27:46.0008 5716 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/01 17:27:46.0258 5716 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/01 17:27:46.0382 5716 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/01 17:27:46.0429 5716 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/01 17:27:46.0741 5716 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/01 17:27:46.0913 5716 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/01 17:27:46.0944 5716 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/01 17:27:47.0116 5716 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/01 17:27:47.0303 5716 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/01 17:27:47.0396 5716 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/01 17:27:47.0443 5716 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/01 17:27:47.0584 5716 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/01 17:27:47.0615 5716 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/01 17:27:47.0693 5716 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/01 17:27:47.0740 5716 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/01 17:27:47.0771 5716 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/01 17:27:48.0036 5716 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/01 17:27:48.0254 5716 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/01 17:27:48.0364 5716 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/01 17:27:48.0410 5716 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/01 17:27:48.0566 5716 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
2011/04/01 17:27:48.0613 5716 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/01 17:27:48.0644 5716 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/01 17:27:48.0769 5716 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/01 17:27:48.0816 5716 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/01 17:27:48.0894 5716 smihlp (fcc8edd602b50247c3e75bd23d4face6) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2011/04/01 17:27:49.0066 5716 Sony_EricssonWWSC (a19e0acc0b49def046900bce6756db6a) C:\Windows\system32\DRIVERS\lnvoscard.sys
2011/04/01 17:27:49.0222 5716 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/01 17:27:49.0518 5716 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 17:27:49.0518 5716 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/01 17:27:49.0518 5716 sptd - detected Locked file (1)
2011/04/01 17:27:49.0861 5716 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
2011/04/01 17:27:50.0095 5716 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/01 17:27:50.0360 5716 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/01 17:27:50.0719 5716 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/01 17:27:50.0984 5716 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/01 17:27:51.0281 5716 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/01 17:27:51.0390 5716 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/01 17:27:51.0437 5716 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/01 17:27:51.0484 5716 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/01 17:27:51.0796 5716 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
2011/04/01 17:27:52.0061 5716 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/01 17:27:52.0310 5716 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/04/01 17:27:52.0451 5716 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/01 17:27:52.0700 5716 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
2011/04/01 17:27:53.0059 5716 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/01 17:27:53.0387 5716 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/01 17:27:53.0621 5716 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/01 17:27:53.0808 5716 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/01 17:27:54.0260 5716 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
2011/04/01 17:27:54.0448 5716 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2011/04/01 17:27:54.0541 5716 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
2011/04/01 17:27:54.0744 5716 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/01 17:27:54.0869 5716 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/01 17:27:54.0962 5716 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/01 17:27:55.0274 5716 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
2011/04/01 17:27:55.0462 5716 tvtumon (2d1ec233c89416ba8187c9d7d49a075a) C:\Windows\system32\DRIVERS\tvtumon.sys
2011/04/01 17:27:55.0867 5716 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/01 17:27:56.0242 5716 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/01 17:27:56.0476 5716 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/01 17:27:56.0756 5716 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/01 17:27:56.0944 5716 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/01 17:27:57.0146 5716 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/01 17:27:57.0193 5716 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/01 17:27:57.0474 5716 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/01 17:27:57.0552 5716 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/01 17:27:57.0724 5716 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/01 17:27:57.0802 5716 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/01 17:27:57.0911 5716 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/01 17:27:57.0958 5716 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/01 17:27:57.0989 5716 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/01 17:27:58.0223 5716 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/01 17:27:58.0410 5716 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/01 17:27:58.0722 5716 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/01 17:27:58.0878 5716 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/01 17:27:58.0909 5716 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/01 17:27:58.0956 5716 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/01 17:27:59.0065 5716 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/01 17:27:59.0096 5716 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/01 17:27:59.0143 5716 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/01 17:27:59.0190 5716 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/01 17:27:59.0299 5716 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/01 17:27:59.0408 5716 vpnva (2fa9fb828d29fed55efc800e267be09d) C:\Windows\system32\DRIVERS\vpnva.sys
2011/04/01 17:27:59.0518 5716 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/01 17:27:59.0596 5716 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/01 17:27:59.0642 5716 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 17:27:59.0658 5716 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 17:27:59.0830 5716 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/01 17:28:00.0282 5716 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/01 17:28:00.0578 5716 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/04/01 17:28:00.0672 5716 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/01 17:28:00.0906 5716 winusb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys
2011/04/01 17:28:00.0953 5716 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/01 17:28:01.0062 5716 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/01 17:28:01.0312 5716 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/01 17:28:01.0452 5716 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/01 17:28:01.0514 5716 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/01 17:28:01.0670 5716 ================================================================================
2011/04/01 17:28:01.0670 5716 Scan finished
2011/04/01 17:28:01.0670 5716 ================================================================================
2011/04/01 17:28:01.0686 4824 Detected object count: 1
2011/04/01 17:28:17.0380 4824 Locked file(sptd) - User select action: Skip

cosinus 01.04.2011 18:54

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
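
The following is an added example and is not part of this thread, nor code from TDSSKiller, OSAM or any other tool mentioned here. It shows how a helper can triage the two log formats posted in this thread without reading a thousand-line driver inventory by eye: it keeps only the entries the tools themselves flagged (a "Suspicious file" or "Locked file" line in TDSSKiller; a "Hidden registry entry" or "File not found" annotation in OSAM) and cross-checks the two driver enumerations, because a service that one tool lists and the other never saw is exactly the disagreement a hidden service produces. The sample log lines, driver names and MD5 values in the block are constructed placeholders in the same shape as the logs above, not values from the poster's machine.

```python
"""Triage helper for TDSSKiller and OSAM logs (added example, not a vendor tool)."""
import re

# TDSSKiller line shape: "YYYY/MM/DD hh:mm:ss.xxxx <pid> <message>"
TDSS_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<pid>\d+) (?P<msg>.*)$")
TDSS_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]*)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
TDSS_LOCKED = re.compile(r"^(?P<name>\S+) - detected Locked file \(\d+\)$")

# OSAM entry shape: "display" (key) - "vendor"|? - path  (flag | flag)
OSAM_ENTRY = re.compile(
    r'^"(?P<display>[^"]*)"(?: \((?P<key>[^)]*)\))? - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.+?)(?:  \((?P<flags>[^)]*)\))?$')
# OSAM's own annotations worth a look; "File signed by Microsoft" alone is not one.
OSAM_SUSPECT_FLAGS = ("Hidden registry entry", "File not found")


def parse_tdsskiller(text):
    """Return (driver inventory {name: path}, list of lines TDSSKiller flagged)."""
    drivers, findings = {}, []
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        d = TDSS_DRIVER.match(msg)
        s = TDSS_SUSPICIOUS.match(msg)
        k = TDSS_LOCKED.match(msg)
        if d:
            drivers[d.group("name").lower()] = d.group("path")
        elif s:
            findings.append({"source": "tdsskiller", "kind": "suspicious file",
                             "name": s.group("path"), "detail": s.group("reason"),
                             "md5": s.group("md5")})
        elif k:
            findings.append({"source": "tdsskiller", "kind": "locked file",
                             "name": k.group("name"), "detail": "", "md5": None})
    return drivers, findings


def parse_osam(text):
    """Return (driver keys listed under [Drivers], list of entries OSAM flagged)."""
    section, drivers, findings = None, set(), []
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = OSAM_ENTRY.match(line)
        if not m:
            continue
        key = (m.group("key") or m.group("display")).lower()
        if section == "Drivers":
            drivers.add(key)
        flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
        hits = [f for f in flags if f.startswith(OSAM_SUSPECT_FLAGS)]
        if hits:
            findings.append({"source": "osam", "kind": "; ".join(hits), "name": key,
                             "detail": m.group("path"), "md5": None})
    return drivers, findings


def triage(tdss_text, osam_text):
    """Merge flagged entries and list drivers OSAM saw but TDSSKiller never enumerated.

    A missing driver file is a benign cause of the same gap, so "only_in_osam"
    is a review list, not a verdict."""
    tdss_drivers, tdss_findings = parse_tdsskiller(tdss_text)
    osam_drivers, osam_findings = parse_osam(osam_text)
    return {"findings": tdss_findings + osam_findings,
            "only_in_osam": sorted(osam_drivers - set(tdss_drivers))}


# Constructed sample input in the two formats; names and hashes are placeholders.
TDSS_SAMPLE = r"""
2011/04/01 17:27:49.0500 5716 exampledrv (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Windows\system32\Drivers\exampledrv.sys
2011/04/01 17:27:49.0518 5716 Suspicious file (NoAccess): C:\Windows\system32\Drivers\exampledrv.sys. md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
2011/04/01 17:27:49.0518 5716 exampledrv - detected Locked file (1)
2011/04/01 17:27:49.0861 5716 srv (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/01 17:28:01.0686 4824 Detected object count: 1
"""

OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"exampledrv" (exampledrv) - ? - C:\Windows\System32\Drivers\exampledrv.sys
"srv" (srv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv.sys
"hiddenexample" (hiddenexample) - "Microsoft Corporation" - C:\Windows\system32\drivers\hiddenexample.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"leftover" (leftover) - ? - C:\tools\leftover.sys  (File not found)
"""

if __name__ == "__main__":
    result = triage(TDSS_SAMPLE, OSAM_SAMPLE)
    for f in result["findings"]:
        print(f"{f['source']:<11}{f['kind']:<42}{f['name']}")
    print("drivers only OSAM listed:", ", ".join(result["only_in_osam"]))
```

Run it against the real logs by reading the two files into `triage()` instead of the samples; the cross-check deliberately ignores "File signed by Microsoft", since a hidden registry entry stays suspicious regardless of the signature on the file it points to.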

Peter82 12.04.2011 19:47

Sorry, it took a bit longer!!!

OSAM logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:43:00 on 12.04.2011

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\ThinkVantage Fingerprint Software\infopnl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
"asuc0ztx" (asuc0ztx) - "Microsoft Corporation" - C:\Windows\system32\drivers\asuc0ztx.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Platte\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"Huawei DataCard USB Fake" (hwusbfake) - ? - C:\Windows\System32\DRIVERS\ewusbfake.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{DF187064-5DA14001-05040000}) - "PC-Doctor, Inc." - C:\PROGRA~1\PCDR5\PCD5SRVC.pkms
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"SMI Helper Driver (smihlp)" (smihlp) - "UPEK Inc." - C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TPPWRIF" (TPPWRIF) - ? - C:\Windows\System32\drivers\Tppwr32v.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"tvtfilter" (tvtfilter) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtfilter.sys
"tvtumon" (tvtumon) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtumon.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Lenovo\Drag-to-Disc\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Platte\Programme\win rar\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
"ICQ6" - "ICQ, LLC." - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PHOTOfunSTUDIO 5.1 HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeUpdater" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe" silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACTray" - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
"ACWlIcon" - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AMSG" - "LENOVO" - C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
"avgnt" - "Avira GmbH" - "C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog  (File found, but it contains no detailed information)
"CameraApplicationLauncher" - ? - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
"cssauth" - "Lenovo Group Limited" - "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
"lxdiamon" - ? - "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
"lxdimon.exe" - ? - "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"RoxioDragToDisc" - "Roxio" - "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"TPFNF7" - "Lenovo Group Limited" - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TPHOTKEY" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
"TpShocks" - "Lenovo." - TpShocks.exe
"TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LiveShare P2P Server 10" (RoxLiveShare10) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"Roxio Hard Drive Watcher 10" (RoxWatch10) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
"Roxio UPnP Renderer 10" (Roxio UPnP Renderer 10) - "Sonic Solutions" - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
"Roxio Upnp Server 10" (Roxio Upnp Server 10) - "Sonic Solutions" - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
"RoxMediaDB10" (RoxMediaDB10) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
"Service of LFKA" (LFKAS) - ? - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
"SessionLauncher" (SessionLauncher) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe  (File not found)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"System Update" (SUService) - "Lenovo Group Limited" - c:\Program Files\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
"TVT Backup Protection Service" (TVT Backup Protection Service) - ? - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
"TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
"TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
"TVT Windows Update Monitor" (TVT_UpdateMonitor) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

===[ Logfile end ]=========================================[ Logfile end ]===

Peter82 12.04.2011 20:30

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 27464DG
Logical Drives Mask: 0x0005001c

Kernel Drivers (total 199):
0x82016000 \SystemRoot\system32\ntkrnlpa.exe
0x823CF000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046D000 \SystemRoot\system32\PSHED.dll
0x8047E000 \SystemRoot\system32\BOOTVID.dll
0x80486000 \SystemRoot\system32\CLFS.SYS
0x804C7000 \SystemRoot\system32\CI.dll
0x80604000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80675000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80683000 \SystemRoot\System32\Drivers\sphh.sys
0x80783000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8078C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B2000 \SystemRoot\system32\drivers\acpi.sys
0x807F8000 \SystemRoot\system32\drivers\msisadrv.sys
0x805A7000 \SystemRoot\system32\drivers\pci.sys
0x805CE000 \SystemRoot\System32\drivers\partmgr.sys
0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805DD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x805E7000 \SystemRoot\system32\drivers\volmgr.sys
0x82604000 \SystemRoot\System32\drivers\volmgrx.sys
0x8264E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8265E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8272E000 \SystemRoot\system32\drivers\atapi.sys
0x82736000 \SystemRoot\system32\drivers\ataport.SYS
0x82754000 \SystemRoot\system32\drivers\msahci.sys
0x8275E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8276C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8279E000 \SystemRoot\system32\drivers\fileinfo.sys
0x827AE000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x827C5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x87E0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87E7B000 \SystemRoot\system32\drivers\ndis.sys
0x87F86000 \SystemRoot\system32\drivers\msrpc.sys
0x87FB1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8800C000 \SystemRoot\System32\drivers\tcpip.sys
0x880F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8820E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8831D000 \SystemRoot\system32\drivers\volsnap.sys
0x88356000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8835E000 \SystemRoot\System32\Drivers\spldr.sys
0x88366000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x88384000 \SystemRoot\System32\Drivers\mup.sys
0x88393000 \SystemRoot\System32\drivers\ecache.sys
0x883BA000 \SystemRoot\system32\drivers\disk.sys
0x883CB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x883EC000 \SystemRoot\system32\drivers\crcdisk.sys
0x883F5000 \SystemRoot\system32\drivers\BMLoad.sys
0x881DE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x881E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BC0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C2EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C38D000 \SystemRoot\System32\drivers\watchdog.sys
0x8C39A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C3A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C3E3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x827CF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C406000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8C78D000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8C7AE000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C7BE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C7CC000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C7E6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x827E1000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B80E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8B860000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B873000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B87E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B8AE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B8B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B8BB000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x8B8BF000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8B8C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B8D9000 \SystemRoot\System32\Drivers\a3laoih1.SYS
0x8B90F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B913000 \SystemRoot\system32\DRIVERS\A0101V32.sys
0x8B91B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B949000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B98A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B995000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B9AC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B9B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B9DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B9E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CA0E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CA23000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8CAAC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CABC000 \SystemRoot\system32\DRIVERS\psadd.sys
0x8CAC2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CAC4000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CAEE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CAF8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CB05000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
0x8CB15000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CB49000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CB5A000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8CB90000 \SystemRoot\system32\drivers\portcls.sys
0x8CBBD000 \SystemRoot\system32\drivers\drmk.sys
0x8F80C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F849000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F94B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CBE2000 \SystemRoot\system32\drivers\modem.sys
0x8FA03000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FA33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FA3C000 \SystemRoot\System32\Drivers\Null.SYS
0x8FA43000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FA4A000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8FA50000 \SystemRoot\System32\drivers\vga.sys
0x8FA5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FA7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FA85000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FA8D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FA98000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FAA6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FAAF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FAC5000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0x8FACA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FADE000 \SystemRoot\system32\drivers\afd.sys
0x8FB26000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FB58000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8FB61000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FB77000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FB85000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB98000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x8FB9E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FBA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FBE0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FBEA000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x90004000 \SystemRoot\system32\drivers\csc.sys
0x9005E000 \SystemRoot\System32\Drivers\dfsc.sys
0x90075000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90091000 \SystemRoot\System32\Drivers\tcusb.sys
0x9009C000 \??\C:\Platte\Programme\Avira\AntiVir Desktop\avgio.sys
0x9009E000 \SystemRoot\system32\DRIVERS\usbstk.sys
0x900C8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x900D5000 \SystemRoot\system32\DRIVERS\USBCAMD2.SYS
0x900DC000 \SystemRoot\system32\DRIVERS\USBSTK0.SYS
0x9011F000 \SystemRoot\system32\DRIVERS\USBSTK1.SYS
0x9019D000 \SystemRoot\system32\DRIVERS\USBSTK2.SYS
0x901BF000 \SystemRoot\system32\DRIVERS\USBSTK3.SYS
0x901C2000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8FBEC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8810E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98850000 \SystemRoot\System32\win32k.sys
0x8FA24000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CBEF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98A70000 \SystemRoot\System32\TSDDD.dll
0x98A90000 \SystemRoot\System32\cdd.dll
0xAA609000 \SystemRoot\system32\drivers\luafv.sys
0xAA624000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAA638000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0xAA641000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xAA64C000 \SystemRoot\System32\DLA\DLADResM.SYS
0xAA64D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAA665000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xAA66A000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xAA66C000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
0xAA66E000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xAA675000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA67C000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA692000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAA6A9000 \SystemRoot\system32\drivers\spsys.sys
0xAA758000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA768000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAA792000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA79C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA7AF000 \??\C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
0xAD00E000 \SystemRoot\system32\drivers\HTTP.sys
0xAD079000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAD096000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAD0AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAD0C4000 \SystemRoot\system32\drivers\mrxdav.sys
0xAD0E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD103000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD13C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD154000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD17B000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD1C7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAF40D000 \SystemRoot\system32\drivers\peauth.sys
0xAF4EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAF4F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAF501000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAF509000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAF51F000 \SystemRoot\system32\DRIVERS\lnvobus.sys
0xAF568000 \SystemRoot\system32\DRIVERS\lnvowh.sys
0xAF56A000 \SystemRoot\system32\DRIVERS\lnvomdm.sys
0xAF5C7000 \SystemRoot\system32\DRIVERS\lnvocm.sys
0xAF5C9000 \SystemRoot\system32\DRIVERS\lnvomdfl.sys
0xB9C02000 \SystemRoot\system32\DRIVERS\lnvomdm2.sys
0xB9C6A000 \SystemRoot\system32\DRIVERS\lnvomdfl2.sys
0xB9C6D000 \SystemRoot\system32\DRIVERS\lnvocard.sys
0xB9CC8000 \SystemRoot\system32\DRIVERS\lnvoscard.sys
0xB9CCD000 \SystemRoot\system32\DRIVERS\lnvounic.sys
0xB9D2E000 \SystemRoot\system32\DRIVERS\lnvocr.sys
0xB9D2F000 \SystemRoot\system32\DRIVERS\lnvogps.sys
0xB9D44000 \SystemRoot\system32\DRIVERS\lnvond5.sys
0x77A30000 \Windows\System32\ntdll.dll
0x10000000 \Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.dll

Processes (total 115):
0 System Idle Process
4 System
572 C:\Windows\System32\smss.exe
652 csrss.exe
696 C:\Windows\System32\wininit.exe
708 csrss.exe
740 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\winlogon.exe
948 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\ibmpmsvc.exe
1108 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\audiodg.exe
1492 C:\Windows\System32\SLsvc.exe
1540 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\svchost.exe
1784 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1828 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
400 C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
460 C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
480 C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
936 C:\Windows\System32\spoolsv.exe
756 C:\Windows\System32\taskeng.exe
1432 C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe
1528 C:\Windows\System32\svchost.exe
2268 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
2312 C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe
2336 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2348 C:\Windows\System32\bgsvcgen.exe
2364 C:\Windows\System32\svchost.exe
2392 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
2416 C:\ProgramData\DatacardService\DCService.exe
2460 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2524 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2656 C:\Windows\System32\lxdicoms.exe
2704 C:\Windows\System32\svchost.exe
2728 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
2764 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3068 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3088 C:\Windows\System32\svchost.exe
3112 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
3132 C:\Windows\System32\TPHDEXLG.exe
3168 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
3220 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
3232 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
3252 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
3300 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
3364 C:\Windows\System32\svchost.exe
3392 C:\Windows\System32\SearchIndexer.exe
3428 C:\Windows\System32\drivers\XAudio.exe
3456 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
3488 C:\Program Files\Lenovo\System Update\SUService.exe
3540 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
3896 WmiPrvSE.exe
3948 WmiPrvSE.exe
4060 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
2212 C:\Windows\servicing\TrustedInstaller.exe
1976 C:\Windows\System32\dwm.exe
1668 C:\Windows\System32\taskeng.exe
1548 C:\Windows\explorer.exe
2844 C:\ProgramData\DatacardService\DCSHelper.exe
3212 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
2016 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1952 C:\Windows\System32\TpShocks.exe
2056 C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
3604 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
2472 C:\Windows\System32\igfxtray.exe
2884 C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
4116 C:\Windows\System32\hkcmd.exe
4124 C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
4132 C:\Windows\System32\igfxpers.exe
4140 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
4188 C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
4224 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
4240 C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
4252 C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
4280 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
4292 C:\Windows\System32\rundll32.exe
4312 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
4320 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
4340 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
4348 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
4356 C:\Windows\System32\igfxsrvc.exe
4364 C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe
4388 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
4404 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
4412 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
4428 C:\Program Files\FreePDF_XP\fpassist.exe
4444 C:\Windows\WindowsMobile\wmdSync.exe
4460 C:\Program Files\Windows Sidebar\sidebar.exe
4648 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
4656 C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe
4688 C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe
4748 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
4756 C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
4792 C:\Windows\System32\svchost.exe
5268 C:\Windows\System32\wbem\unsecapp.exe
5392 C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
5832 C:\Program Files\Windows Sidebar\sidebar.exe
6104 C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
268 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3680 C:\Windows\System32\conime.exe
5120 C:\Platte\Programme\Firefox\firefox.exe
5648 C:\Windows\System32\wuauclt.exe
5716 C:\Platte\Programme\Firefox\plugin-container.exe
3536 C:\Windows\System32\SearchProtocolHost.exe
5280 C:\Windows\System32\SearchFilterHost.exe
4532 dllhost.exe
5160 dllhost.exe
4564 C:\Users\InFo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2300000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS542516K9SA00, Rev: BBCZC3HP

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6E45FE6A65F34BA9C58EA7F16A2653C2401AAEFC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
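
The MBRCheck report above flags "Unknown MBR code" and prints a SHA1 of the boot sector. As an added example (not part of this thread and not MBRCheck's own code), the Python below shows the kind of check behind such a verdict: read a 512-byte MBR, verify the 0x55AA boot signature, hash the 440-byte bootstrap area, compare it with an allow-list of trusted digests, and decode the partition table. The sample sector is constructed here: only the three partition byte offsets mirror the log above, while the boot code bytes, disk signature, partition lengths and the allow-list entry are made-up placeholders. Non-standard boot code is not by itself proof of a bootkit (legitimate vendor recovery tools can also replace it), which is why an allow-list of known-good hashes, rather than a single "standard" hash, is the practical comparison.

```python
"""Added example, not from the thread or from MBRCheck: classify a raw MBR
sector by hashing its bootstrap code against an allow-list and decoding
the partition table, the kind of check behind an "Unknown MBR code" verdict."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code; bytes 440-443 hold the NT disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
SECTOR_BYTES = 512

# Allow-list of SHA1 digests of trusted bootstrap code. Placeholder only:
# a real list would hold digests of the Windows and vendor boot code you trust.
KNOWN_GOOD_BOOT_CODE_SHA1 = {"PLACEHOLDER-SHA1-OF-TRUSTED-BOOT-CODE"}


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 (upper-case hex) of the 440-byte bootstrap area."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries; empty entries (type 0) are skipped."""
    entries = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0:
            continue
        entries.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_BYTES,   # what MBRCheck prints as "at offset"
        })
    return entries


def classify_mbr(sector: bytes, known_good=KNOWN_GOOD_BOOT_CODE_SHA1) -> dict:
    """Return a verdict dict: status is 'invalid', 'known' or 'unknown'."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "invalid", "sha1": None, "partitions": [], "active_count": 0}
    digest = boot_code_sha1(sector)
    partitions = parse_partitions(sector)
    return {
        "status": "known" if digest in known_good else "unknown",
        "sha1": digest,
        "partitions": partitions,
        # More than one active flag is itself a sign of tampering or corruption.
        "active_count": sum(1 for p in partitions if p["active"]),
    }


def _build_sample_mbr() -> bytes:
    """Constructed sector: boot code bytes, disk signature, active flag and partition
    lengths are made up; only the three partition byte offsets mirror the log above."""
    boot_code = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CONSTRUCTED-BOOT-CODE").ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = b"\xde\xad\xbe\xef"
    reserved = b"\x00\x00"

    def entry(active, ptype, start, sectors):
        chs = b"\xff\xff\xff"  # CHS fields are unused on LBA-addressed disks
        return struct.pack("<B3sB3sII", 0x80 if active else 0x00, chs, ptype, chs, start, sectors)

    table = (
        entry(False, 0x07, 2048, 3072000)          # NTFS at byte offset 0x100000
        + entry(True, 0x07, 3074048, 289026048)    # NTFS at byte offset 0x5dd00000
        + entry(False, 0x07, 292100096, 20481712)  # NTFS at byte offset 0x22d2300000
        + b"\x00" * 16                             # empty fourth entry
    )
    sector = boot_code + disk_signature + reserved + table + BOOT_SIGNATURE
    assert len(sector) == MBR_SIZE
    return sector


SAMPLE_MBR = _build_sample_mbr()

if __name__ == "__main__":
    verdict = classify_mbr(SAMPLE_MBR)
    print(f"MBR status: {verdict['status']}  SHA1: {verdict['sha1']}")
    for p in verdict["partitions"]:
        flag = " (active)" if p["active"] else ""
        print(f"  entry {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:016x}{flag}")
```

On a live system the 512 bytes would come from reading `\\.\PhysicalDrive0` with administrator rights; the example keeps to a constructed sector so it runs offline. A status of "unknown" means only that the hash is not on your allow-list, so the next step is to identify where the boot code came from (for example a vendor recovery tool) before treating it as an infection.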

Peter82 12.04.2011 20:33

For information: GMER crashed 4 times, so I didn't run it any more. As you recommended....

Thanks once again for your/everyone's help!!!!

cosinus 12.04.2011 20:38

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Peter82 13.04.2011 20:21

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6353

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

13.04.2011 21:16:48
mbam-log-2011-04-13 (21-16-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 271132
Laufzeit: 41 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Peter82 13.04.2011 22:14

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/13/2011 at 10:56 PM

Application Version : 4.50.1002

Core Rules Database Version : 6830
Trace Rules Database Version: 4642

Scan type : Complete Scan
Total Scan Time : 01:16:28

Memory items scanned : 922
Memory threats detected : 0
Registry items scanned : 10314
Registry threats detected : 0
File items scanned : 116189
File threats detected : 2

Trojan.Agent/Gen-FakeAV
C:\PLATTE\PROGRAMME\WIN RAR\DEFAULT.SFX

Adware.Tracking Cookie
mediaserver.vrxstudios.com [ C:\Users\InFo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EB8FCPH8 ]

cosinus 14.04.2011 09:28

One cookie and one false positive. Harmless.
Is the computer OK again?

Peter82 14.04.2011 18:42

OK, great :daumenhoc

In my opinion it is working flawlessly again. Big compliment for your helpful and competent support!

Two open points remain:

1.) What happens with the installed programs? Should I uninstall them again, or do they also provide protection?
2.) Do you have another tip on how to protect myself better? So far I only use AntiVir (set to standard) ;o)

..Thanks for everything..

:dankeschoen:

cosinus 14.04.2011 19:41

Quote:

1.) What happens with the installed programs? Should I uninstall them again, or do they also provide protection?
They can all come off.

Quote:

2.) Do you have another tip on how to protect myself better? So far I only use AntiVir (set to standard) ;o)
A virus scanner as the sole measure is inadequate. You must not rely solely on software, which by its very nature can never find every piece of malware. It is best to roughly follow these five rules:

1) Be suspicious on the Internet, especially of unknown e-mails, and be careful about giving out personal data!!
2) Always keep Windows and all the programs you use up to date
3) Make regular backups to external media
4) Work with restricted user rights
5) Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail; display e-mails as plain text only

All of this is explained in more detail here => Kompromittierung unvermeidbar? (Is compromise unavoidable?)


Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security, you should also change all your passwords, as far as possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all the listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.



Copyright ©2000-2025, Trojaner-Board

