Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win XP, Malwarebytes = Tojan.Agent , Bluescreen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.04.2010, 20:45   #1
darem
 
Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Standard

Win XP, Malwarebytes = Tojan.Agent , Bluescreen



Hi,
Nun zur Sache:
Komputer meines Bruders hat Probleme.

Laptop , XP Prof SP3, läuft unter Benutzer mit Admin-Rechten.
Kein Virenscanner on board

Seit Gestern Mittag bootet, dann nach Passworteingabe kommt Bluescreen.
Im abgesicherten Modus möglich als ADMINISTRATOR zu booten und zum Desktop zu gelangen.

Malwarebytes gurchgeführt : 15 infizierte Daten.

nun zu den Logs

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:16, on 28.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\scanner repair\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\Mouse Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\scanner repair\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\scanner repair\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 7475 bytes


--------------------------------------
Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

28.04.2010 17:25:03
mbam-log-2010-04-28 (17-25-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 114151
Laufzeit: 9 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cooper.mine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmklo.dll (Worm.MarioFev) -> Quarantined and deleted successfully.


Malwarebytes danach:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

28.04.2010 17:35:48
mbam-log-2010-04-28 (17-35-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 18926
Laufzeit: 9 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

------------------------------------------

Alt 28.04.2010, 20:53   #2
darem
 
Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Standard

Win XP, Malwarebytes = Tojan.Agent , Bluescreen



Teil 2


Gmer.exe Scan:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-28 18:15:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwlcyaob.sys


---- Kernel code sections - GMER 1.0.15 ----

.pak2 C:\WINDOWS\system32\drivers\hlogvppi.sys entry point in ".pak2" section [0xBA7394E0]
? C:\WINDOWS\system32\drivers\hlogvppi.sys Ein an das System angeschlossenes Gerät funktioniert nicht.
PAGE Ntfs.sys BA4C9E55 4 Bytes CALL 8A8AE141

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8154C8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat B9873D20

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] hlogvppi <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\hlogvppi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hlogvppi@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hlogvppi@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hlogvppi@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----
__________________


Alt 28.04.2010, 20:54   #3
darem
 
Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Standard

Win XP, Malwarebytes = Tojan.Agent , Bluescreen



Teil 3


OTL.txt

OTL logfile created on: 28.04.2010 20:52:35 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\scanner repair\scanner
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 89,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,89 Gb Total Space | 17,36 Gb Free Space | 12,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\scanner repair\scanner\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\scanner repair\scanner\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Automatisches LiveUpdate - Scheduler) -- File not found
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TSSCoreService) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (zgbulultew1) -- C:\WINDOWS\system32\drivers\zgbulultew1.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (V0260VID) -- C:\WINDOWS\system32\drivers\V0260Vid.sys (Creative Technology Ltd.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lenovo | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Lenovo | MSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.28 17:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.03 21:34:00 | 000,000,000 | ---D | M]

[2010.04.28 17:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.04.28 17:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\82me8d44.default\extensions
[2010.04.28 17:09:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.31 02:34:50 | 000,001,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 23:05:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 23:05:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 23:05:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 23:05:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.27 13:13:48 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\actray.exe (eSXi)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\acwlicon.exe (eSXi)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\awaysch.exe (eSXi)
O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (eSXi)
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (eSXi)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\isuspm.exe (eSXi)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\lpmgr.exe (eSXi)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\scanner repair\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (eSXi)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (eSXi)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\syntplpr.exe (eSXi)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (eSXi)
O4 - HKLM..\Run: [WheelMouse] C:\Programme\Mouse Driver\4dmain.exe (eSXi)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\scanner repair\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\csrss.exe) - C:\Dokumente und Einstellungen\***\csrss.exe File not found
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 17:13:22 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.28 20:47:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.04.28 17:13:22 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.04.28 17:10:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.04.28 17:10:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.28 17:09:58 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 17:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.28 17:08:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.04.28 17:08:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2010.04.28 17:06:29 | 000,000,000 | ---D | C] -- C:\scanner repair
[2010.04.28 14:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Client Security Solution
[2010.04.27 13:14:26 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.04.27 13:14:24 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.04.27 13:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010.04.27 13:13:40 | 000,036,864 | ---- | C] (eSXi) -- C:\WINDOWS\System32\psolpphm@.exe
[2010.04.14 15:10:49 | 000,000,000 | ---D | C] -- C:\Programme\MyDefragGUI
[2010.04.14 15:00:15 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.01 00:57:12 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.28 20:54:31 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\hlogvppi.sys
[2010.04.28 20:40:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 17:42:08 | 000,025,202 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.04.28 17:42:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010.04.28 17:42:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 17:41:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.04.28 17:41:09 | 001,048,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.28 14:01:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.04.28 14:01:38 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.04.27 22:42:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.27 13:17:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.04.27 13:17:27 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\h7t.wt
[2010.04.27 13:15:32 | 000,036,865 | ---- | M] () -- C:\WINDOWS\System32\msfwbiul.dll
[2010.04.27 13:14:46 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgbulultew1.sys
[2010.04.27 13:14:24 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.04.27 13:14:24 | 000,036,864 | ---- | M] (eSXi) -- C:\WINDOWS\System32\psolpphm@.exe
[2010.04.27 13:13:40 | 000,044,032 | ---- | M] () -- C:\WINDOWS\System32\psolpphm@ .exe
[2010.04.27 13:13:35 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\lny3ypo5.dll
[2010.04.27 13:13:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.04.26 14:35:52 | 000,002,235 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.04.14 14:51:50 | 000,000,432 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010.04.04 00:06:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.27 13:17:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hgtd.ruy
[2010.04.27 13:17:27 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\h7t.wt
[2010.04.27 13:15:32 | 000,036,865 | ---- | C] () -- C:\WINDOWS\System32\msfwbiul.dll
[2010.04.27 13:15:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010.04.27 13:15:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010.04.27 13:15:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010.04.27 13:15:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010.04.27 13:15:08 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010.04.27 13:15:07 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.27 13:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.04.27 13:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlogvppi.sys
[2010.04.27 13:13:40 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\psolpphm@ .exe
[2010.04.27 13:13:39 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgbulultew1.sys
[2010.04.27 13:13:35 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\lny3ypo5.dll
[2009.12.06 19:04:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008.12.29 20:52:25 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008.12.29 20:52:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008.12.29 20:52:19 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008.12.29 20:52:18 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2008.12.29 20:52:08 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.12.29 20:51:00 | 000,000,283 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008.10.21 20:23:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.15 11:33:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.06.16 14:14:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.05.19 15:33:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2008.04.03 17:08:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.04.03 16:45:34 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.04.03 16:39:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.04.03 16:37:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.04.03 16:37:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.04.03 16:37:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.04.03 16:37:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.04.03 16:37:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.04.03 16:37:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.04.03 16:30:28 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.04.03 16:30:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008.04.03 16:28:54 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008.04.03 16:27:53 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008.04.03 16:27:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.07.27 08:37:40 | 000,025,202 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007.07.27 08:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007.02.27 17:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.27 17:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.01.16 17:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.09.05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.02.17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.13 04:21:22 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SCROLL.INI
< End of report >
__________________

Alt 28.04.2010, 20:55   #4
darem
 
Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Ausrufezeichen

Win XP, Malwarebytes = Tojan.Agent , Bluescreen



Teil 4

OTL Extras.txt

OTL Extras logfile created on: 28.04.2010 20:52:35 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\scanner repair\scanner
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 89,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,89 Gb Total Space | 17,36 Gb Free Space | 12,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Programme\eMu***e" = C:\Programme\eMu***e:*:Enabled:eMu** -- File not found
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\ICQ\ICQ6\ICQ.exe" = C:\Programme\ICQ\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Dokumente und Einstellungen\***\Desktop\utorrent18.exe" = C:\Dokumente und Einstellungen\***\Desktop\utorrent18.exe:*:Enabled:µTorrent -- File not found
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E9905FD-6D7A-4506-BF99-8928F38F105F}_is1" = ICQ 6.5 Build #2024 Banner Remover 1.0
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2C313EDC-F12A-40CB-ABDE-04154C4C56E3}" = Brother HL-2140
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AB0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"fahrinfo" = fahrinfo
"FileZilla Client" = FileZilla Client 3.0.5.2
"FL Studio 7" = FL Studio 7
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = Anzeige am Bildschirm
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PDFCreator Toolbar" = PDFCreator Toolbar
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"RealAlt_is1" = Real Alternative 1.9.0
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WheelMouse" = Mouse Driver V1.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Zattoo" = Zattoo 3.3.2 Beta
"Zattoo4" = Zattoo4 4.0.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.04.2010 10:15:23 | Computer Name = *** | Source = Userenv | ID = 1508
Description = Die Registrierung konnte nicht geladen werden. Dies wird oft durch
zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen
Prozess verwendet wird. for C:\Dokumente und Einstellungen\***\ntuser.dat

[ System Events ]
Error - 28.04.2010 11:44:48 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 28.04.2010 11:44:48 | Computer Name = ***| Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD ANC Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF
TSMAPIP

Error - 28.04.2010 12:06:56 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 28.04.2010 14:41:31 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28.04.2010 14:41:54 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 28.04.2010 14:42:02 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 28.04.2010 14:42:02 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 28.04.2010 14:42:02 | Computer Name = ***| Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 28.04.2010 14:42:02 | Computer Name = ***| Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 28.04.2010 14:42:02 | Computer Name = ***| Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD ANC Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF
TSMAPIP


< End of report >

-------------------------------------

Bitte um Hilfe

Geändert von darem (28.04.2010 um 21:00 Uhr)

Alt 25.05.2010, 22:09   #5
darem
 
Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Standard

Win XP, Malwarebytes = Tojan.Agent , Bluescreen



Problem behoben - windows platt gemacht.

Bitte Thread schliessen.


Antwort

Themen zu Win XP, Malwarebytes = Tojan.Agent , Bluescreen
administrator, ask toolbar, bho, bluescree, bluescreen, booten, broken.opencommand, browseui preloader, desktop, einstellungen, explorer, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, infizierte, internet, internet explorer, malwarebytes' anti-malware, object, pdfcreator, programme, proxy, registry, rundll, scan, security, senden, software, spyware.zbot, stolen.data, system, taskman, taskmgr.exe, temp, thinkvantage registry monitor service, trojan.downloader, trojan.gootkit, windows, windows xp, xp prof sp3



Ähnliche Themen: Win XP, Malwarebytes = Tojan.Agent , Bluescreen


  1. Virus von Phising Seite (Tojan.Heur2.JP.TD2@aWV8e!oi)
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (2)
  2. Malwarebytes - Bluescreen (Bug)
    Antiviren-, Firewall- und andere Schutzprogramme - 30.06.2014 (3)
  3. Malwarebytes Riskware.Agent.ck
    Log-Analyse und Auswertung - 26.04.2014 (8)
  4. Bluescreen nach Malwarebytes Virenscan
    Plagegeister aller Art und deren Bekämpfung - 31.12.2013 (5)
  5. Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?
    Log-Analyse und Auswertung - 05.03.2013 (18)
  6. tojan.fakeRP -was tun?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2013 (1)
  7. Tojan.ransom was nun
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (7)
  8. Trojan.Agent.WNL - Malwarebytes
    Log-Analyse und Auswertung - 16.10.2012 (1)
  9. Unlöschbarer Tojan.Agent.Gen - Registry Value!
    Log-Analyse und Auswertung - 26.07.2012 (19)
  10. Tojan.Ransom.Win32 Gimemo.uov
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  11. Tojan.SpyEyes.R
    Plagegeister aller Art und deren Bekämpfung - 25.08.2011 (5)
  12. fakeAlert-REP tojan found UND Programm(de)installationen gehen auch nicht (mehr)
    Log-Analyse und Auswertung - 11.05.2011 (3)
  13. Bluescreen nach Scannlauf (mit Malwarebytes' Anti-Malware) und Neustatart
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (41)
  14. Mehrere Viren führen zu Webweiterleitungen, Bluescreen etc. / Agent.HZ und TR/Kazy.3557.5
    Plagegeister aller Art und deren Bekämpfung - 22.11.2010 (1)
  15. TR/Agent.afwt.1' + Bluescreen+ Absturz
    Plagegeister aller Art und deren Bekämpfung - 10.11.2008 (14)
  16. Tojan-Dropper - was macht er?
    Plagegeister aller Art und deren Bekämpfung - 31.05.2008 (4)
  17. G Data AV kommt mit Win32:Tojan-gen nicht klar
    Plagegeister aller Art und deren Bekämpfung - 15.01.2008 (6)

Zum Thema Win XP, Malwarebytes = Tojan.Agent , Bluescreen - Hi, Nun zur Sache: Komputer meines Bruders hat Probleme. Laptop , XP Prof SP3, läuft unter Benutzer mit Admin-Rechten. Kein Virenscanner on board Seit Gestern Mittag bootet, dann nach Passworteingabe - Win XP, Malwarebytes = Tojan.Agent , Bluescreen...
Archiv
Du betrachtest: Win XP, Malwarebytes = Tojan.Agent , Bluescreen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.