|
Log-Analyse und Auswertung: Win32:Rootkit-gen [rtk]Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
21.09.2010, 17:26 | #1 |
| Win32:Rootkit-gen [rtk] Hallo, mein Antivirenprogramm (AVAST 5.0.677) meldete folgenden Virus in den Container verschoben zu haben: Win32:Rootkit-gen [Rtk] in folgendem Prozess: yhec.exe in folgendem Ordner: .../anwendungsdaten/lfica Ich weiß woher er stammt, ich hab gedankenlos neben dem telefonieren Emails gecheckt und auf einen Anhang geklickt (komplett multitasking unfähig), würde ich sonst nie machen) der mich auf eine website geschickt hat. Avast dazu: JS-Redirector-DW [Trj] Nachdem Avast sofort alles in den container geschickt hat und ich zwei gründliche Scans ohne weitere Warnung durchgeführt habe, bitte ich jemanden der sich auskennt (dazu gehöre ich nicht), untenstehendes Logfile anzusehen. Ist mein Rechner nun infiziert, oder bin ich mit dem Schreck davon gekommen? Ich danke schon mal für Antwort. Mfg HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:01:35, on 21.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Lenovo\System Update\SUService.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\TpScrLk.exe C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\System32\svchost.exe E:\005download\hijackthis\HijackThis.exe C:\Programme\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [{BDB1A116-A244-7A2A-D4A2-A54E77E4E2A3}] "C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Ifica\yhec.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O15 - Trusted Zone: hxxp://*.windowsupdate.com O15 - Trusted Zone: hxxp://download.windowsupdate.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Aca15avipswr - Intel Corporation - (no file) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- End of file - 9226 bytes |
22.09.2010, 21:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Rootkit-gen [rtk] Hallo und
__________________Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
27.09.2010, 16:43 | #3 |
| Win32:Rootkit-gen [rtk] Hallo Cosinus,
__________________danke für deine Antwort. Hat etwas gedauert, hier erstmal der Log von Malwarebytes Vollscan mit aktualisiertem Programm: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4703 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 27.09.2010 17:29:10 mbam-log-2010-09-27 (17-29-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 225511 Laufzeit: 55 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Programme\REALVIZ\Stitcher 4.0\CrackBatch400.exe (Trojan.Bancos) -> Quarantined and deleted successfully. C:\Programme\REALVIZ\Stitcher 4.0\CrackStitcher400.exe (Trojan.Bancos) -> Quarantined and deleted successfully. |
27.09.2010, 16:57 | #4 |
| Win32:Rootkit-gen [rtk] Und die beiden OTL Logs ******************************OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.09.2010 17:46:22 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = E:\005download\otl Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 60,00 Mb Available Physical Memory | 12,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 22,69 Gb Total Space | 7,73 Gb Free Space | 34,08% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 10,04 Gb Total Space | 6,06 Gb Free Space | 60,33% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Y: | 20,61 Gb Total Space | 7,19 Gb Free Space | 34,89% Space Free | Partition Type: FAT Drive Z: | 20,11 Gb Total Space | 12,61 Gb Free Space | 62,71% Space Free | Partition Type: FAT Computer Name: METEORIT Current User Name: Georg Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\005download\otl\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.) PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe () PRC - C:\WINDOWS\system32\TpKmpSvc.exe () PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe () PRC - C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.) PRC - C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation) PRC - C:\WINDOWS\system32\TpScrLk.exe () ========== Modules (SafeList) ========== MOD - E:\005download\otl\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe () SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (IBM Rapid Restore Ultra Service) -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe () ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys File not found DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found DRV - (DS1410D) -- C:\WINDOWS\System32\drivers\DS1410D.SYS File not found DRV - (AR5211) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys File not found DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (smihlp2) SMI Helper Driver (smihlp2) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation) DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS () DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems) DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation) DRV - (AtmelTpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.) DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd) DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM) DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.) DRV - (EGATHDRV) -- C:\WINDOWS\system32\egathdrv.sys (IBM Corporation) DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.) DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation) DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies) DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation) DRV - (OlCamudp) -- C:\WINDOWS\system32\drivers\olcamudp.sys (OLYMPUS Optical Co.,Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.21 15:30:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 10:48:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.19 16:01:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.08.31 14:11:51 | 000,000,000 | ---D | M] [2010.09.13 16:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Extensions [2010.09.13 16:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.27 09:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Firefox\Profiles\wjilaf7g.default\extensions [2010.04.28 08:15:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Firefox\Profiles\wjilaf7g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2005.10.10 17:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Firefox\Profiles\wjilaf7g.default\extensions\{8e117890-a33f-424b-a2ea-deb272731365} [2010.09.22 12:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Mozilla\Firefox\Profiles\wjilaf7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.09.27 09:26:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.06.09 14:59:39 | 000,243,136 | ---- | M] (Viewpoint Corporation) -- C:\Programme\Mozilla Firefox\plugins\npViewpoint_0306003B.dll [2010.09.17 10:48:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.17 10:48:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.17 10:48:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.17 10:48:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.17 10:48:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.) O4 - HKLM..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE () O4 - HKLM..\Run: [BMMMONWND] C:\Programme\ThinkPad\Utilities\BATINFEX.DLL (IBM Corp.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [PRONoMgrWired] C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [IBM RecordNow!] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Georg\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Georg\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.12.14 10:22:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{150bae92-1093-11df-8c57-000e9b6c6699}\Shell - "" = AutoRun O33 - MountPoints2\{150bae92-1093-11df-8c57-000e9b6c6699}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{150bae92-1093-11df-8c57-000e9b6c6699}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{9df154f1-da45-11dc-89aa-000e9b6c6699}\Shell - "" = AutoRun O33 - MountPoints2\{9df154f1-da45-11dc-89aa-000e9b6c6699}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9df154f1-da45-11dc-89aa-000e9b6c6699}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.27 17:30:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Georg\Recent [2010.09.27 16:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Malwarebytes [2010.09.27 16:24:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.27 16:24:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.27 16:24:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.27 16:24:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.22 12:05:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\QuickScan [2010.09.20 14:23:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Zofy [2010.09.20 14:23:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\Ifica [2010.08.31 14:10:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2006.08.05 16:04:24 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll [2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.27 17:34:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.27 17:32:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.27 17:32:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.27 17:32:36 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys [2010.09.27 17:30:49 | 015,204,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Georg\ntuser.dat [2010.09.27 17:30:49 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Georg\ntuser.ini [2010.09.27 16:24:43 | 000,000,693 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.27 14:07:58 | 000,002,467 | ---- | M] () -- C:\Dokumente und Einstellungen\Georg\Desktop\Microsoft Word.lnk [2010.09.20 13:45:38 | 000,001,165 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2010.09.20 13:20:12 | 000,000,795 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2010.09.16 11:29:42 | 000,007,518 | ---- | M] () -- C:\Dokumente und Einstellungen\Georg\Desktop\cc_20100916_112937.reg [2010.09.16 11:17:23 | 000,033,718 | ---- | M] () -- C:\Dokumente und Einstellungen\Georg\Desktop\cc_20100916_111715.reg [2010.09.14 09:12:54 | 000,003,049 | ---- | M] () -- C:\WINDOWS\System32\config.nt [2010.09.13 16:14:02 | 000,001,649 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Desktop\Mozilla Thunderbird.lnk [2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010.09.07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.09.07 16:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010.08.31 10:37:48 | 001,053,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.31 09:00:15 | 000,998,648 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.31 09:00:15 | 000,449,390 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.31 09:00:15 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.31 09:00:15 | 000,080,314 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.31 09:00:15 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.27 16:24:43 | 000,000,693 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.16 11:29:40 | 000,007,518 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Desktop\cc_20100916_112937.reg [2010.09.16 11:17:19 | 000,033,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Desktop\cc_20100916_111715.reg [2008.12.23 09:34:37 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2008.08.05 10:32:54 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008.06.23 18:23:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI [2008.05.26 17:50:05 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\mainhst.zgh [2008.05.20 18:23:27 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007.11.12 22:08:02 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2007.11.12 22:08:02 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2007.04.18 12:32:00 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2007.04.18 10:36:17 | 000,000,312 | ---- | C] () -- C:\WINDOWS\pdf2word.INI [2006.12.18 20:32:14 | 000,001,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006.12.14 17:47:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.11.17 12:39:10 | 000,000,795 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2006.06.09 12:43:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.04.18 14:42:35 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI [2006.04.13 10:13:41 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.03.31 15:24:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.01.31 18:21:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI [2005.11.21 18:51:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2005.11.15 17:23:44 | 000,206,611 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autosave.3dm [2005.10.02 17:20:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2005.08.09 18:26:14 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI [2005.07.06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2005.06.21 19:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2005.06.16 23:23:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2005.05.17 17:58:06 | 000,001,165 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2005.03.29 15:50:34 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.12.18 22:51:45 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Anwendungsdaten\sversion.ini [2004.12.15 16:16:25 | 000,102,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Georg\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004.11.27 09:05:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.11.27 09:02:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004.11.27 09:02:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004.11.27 09:02:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004.11.27 08:54:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004.11.27 08:54:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004.11.27 08:54:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004.11.27 08:54:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004.11.27 08:54:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004.11.27 08:54:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004.11.27 08:53:33 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004.11.27 08:45:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2004.11.27 08:45:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2004.11.27 08:45:08 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2004.11.27 08:43:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2004.11.27 08:43:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2004.11.27 08:25:26 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.03.19 22:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll [2004.03.19 13:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini [2004.01.09 16:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll [2003.02.25 01:52:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [1980.01.01 10:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).dll < End of report > ************************OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.09.2010 17:46:22 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = E:\005download\otl Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 60,00 Mb Available Physical Memory | 12,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 22,69 Gb Total Space | 7,73 Gb Free Space | 34,08% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 10,04 Gb Total Space | 6,06 Gb Free Space | 60,33% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Y: | 20,61 Gb Total Space | 7,19 Gb Free Space | 34,89% Space Free | Partition Type: FAT Drive Z: | 20,11 Gb Total Space | 12,61 Gb Free Space | 62,71% Space Free | Partition Type: FAT Computer Name: METEORIT Current User Name: Georg Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found "C:\Programme\AliasWavefront\Maya5.0\bin\maya.exe" = C:\Programme\AliasWavefront\Maya5.0\bin\maya.exe:*:Disabled:Maya -- File not found "C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found "C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:138.232.1.207/255.255.255.255:Enabled:eTrust Antivirus Administrationsserver -- File not found "C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:138.232.1.207/255.255.255.255:Enabled:eTrust Antivirus Realmon -- File not found "C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:138.232.1.207/255.255.255.255:Enabled:eTrust Antivirus InocIT -- File not found "C:\Programme\CA\eTrust Antivirus\Shellscn.exe" = C:\Programme\CA\eTrust Antivirus\Shellscn.exe:*:Enabled:Shellscn -- File not found "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation) "C:\Programme\Alias\Maya7.0\bin\maya.exe" = C:\Programme\Alias\Maya7.0\bin\maya.exe:*:Enabled:Maya -- File not found "\\georg\DOWNLOADS\netgear\wpgs606_sw_10024\SW_10024\Utility\Utility\WINNT_XP\Setup Wizard.exe" = \\georg\DOWNLOADS\netgear\wpgs606_sw_10024\SW_10024\Utility\Utility\WINNT_XP\Setup Wizard.exe:*:Enabled:Netgear-WGPS606-SetupWizard "C:\Programme\Adobe\InDesign CS\InDesign.exe" = C:\Programme\Adobe\InDesign CS\InDesign.exe:*:Disabled:InDesign Application -- (Adobe Systems Incorporated) "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\totalcmd\TOTALCMD.EXE" = C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging) "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Disabled:P2P service of Orbit Downloader -- File not found "C:\Programme\Cleaner 5\cleaner 5.exe" = C:\Programme\Cleaner 5\cleaner 5.exe:*:Disabled:Cleaner Application -- File not found "C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0383CC25-67FD-4D07-8AD5-4B6F6AFA23EA}" = Eurofibu EA 2009 Standard "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel(R) PROSet for Wired Connections "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor für Windows "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung' "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004 "{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1 "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{747FBF94-3C06-438C-AB05-61CBC86CD1D7}" = Deutsch + Sonderzeichen 0.12 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AD4D6E7-CF00-4299-A8BF-EED77E37770E}" = Atmel Tpm Install 2.1.1.01 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0 "{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8 "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG "{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen" "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150) "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "7-Zip" = 7-Zip 4.57 "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Illustrator CS2" = Adobe Illustrator CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AMP Font Viewer" = AMP Font Viewer "ATI Display Driver" = ATI Display Driver "Autodesk Express Viewer" = Autodesk Express Viewer "avast5" = avast! Free Antivirus "Blender" = Blender (remove only) "Canon LBP2900" = Canon LBP2900 "CCleaner" = CCleaner "CdaC13Ba" = SafeCast Shared Components "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem "Free Disk Analyzer" = Free Disk Analyzer "GPL Ghostscript 8.61" = GPL Ghostscript 8.61 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "InBooklet" = InBooklet "InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1 "InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX "KompoZer_is1" = KompoZer 0.77 "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSMONEYV60" = Microsoft Money 98 "PDF Blender" = PDF Blender "PhotoRecord" = Canon PhotoRecord "Power Features" = IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen "Power Management Driver" = ThinkPad Power Management Driver "Presentation Director" = ThinkPad-Präsentationsdirektor "PROSet" = Intel(R) PRO Network Connections Drivers "Rainbow Sentinel Driver" = Sentinel System Driver "Samsung CLP-510 Series" = Samsung CLP-510 Series "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Totalcmd" = Total Commander (Remove or Repair) "TPKBDLED" = Scroll Lock Indicator Utility "Unlocker" = Unlocker 1.8.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "winscp3_is1" = WinSCP 4.0.4 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xp-AntiSpy" = xp-AntiSpy 3.97-9 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yaf(a)Ray_is1" = Yaf(a)Ray 0.1.0 "Yet Another Free RayTracer for Windows_is1" = Yet Another Free RayTracer for Windows 0.0.9 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.07.2009 06:34:08 | Computer Name = METEORIT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung thunderbird.exe, Version 1.8.20090.60502, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 17.07.2009 02:42:04 | Computer Name = METEORIT | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19. Error - 17.07.2009 02:42:17 | Computer Name = METEORIT | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.2627.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19. Error - 20.07.2009 09:55:19 | Computer Name = METEORIT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.1433, Fehleradresse 0x000149d1. Error - 27.07.2009 13:07:46 | Computer Name = METEORIT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iTunes.exe, Version 8.2.1.6, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 03.08.2009 11:21:09 | Computer Name = METEORIT | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Programme\Microsoft Office\Office10\1033\SETUP.HLP. Error - 04.08.2009 05:32:01 | Computer Name = METEORIT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung applemobiledevicehelper.exe, Version 8.2.596.2, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x000369da. [ System Events ] Error - 21.09.2010 09:45:33 | Computer Name = METEORIT | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 21.09.2010 09:45:37 | Computer Name = METEORIT | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 21.09.2010 09:45:41 | Computer Name = METEORIT | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 21.09.2010 09:45:45 | Computer Name = METEORIT | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 21.09.2010 09:45:49 | Computer Name = METEORIT | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 21.09.2010 12:13:27 | Computer Name = METEORIT | Source = BROWSER | ID = 8032 Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{C4936B35-203D-41E5-96A4-929544759751}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error - 22.09.2010 05:33:26 | Computer Name = METEORIT | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.09.2010 03:15:43 | Computer Name = METEORIT | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.09.2010 07:07:24 | Computer Name = METEORIT | Source = BROWSER | ID = 8032 Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{C4936B35-203D-41E5-96A4-929544759751}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error - 27.09.2010 11:34:09 | Computer Name = METEORIT | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DS1410D" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > ************************** |
27.09.2010, 22:16 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Rootkit-gen [rtk]Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.09.2010, 08:08 | #6 |
| Win32:Rootkit-gen [rtk] hallo cosinus, das ist eine sehr gute Frage. Ein Foto-Stitch Programm von Autodesk Realviz ist eine Panoramafotosoftware- kann mich nicht erinnern, das einst installiert zu haben. Allerdings könnte das noch vom vorhergehenden Nutzer des Computers stammen - zuminest der Ordner mit dem offensichtlichen Crack Dateien. Falls das nun tatsächlich ein Virus namens Trojan.Bancos ist dann hätte ich den wohl schon seit Erwerb des Computers. Gemacht wurde der nun leere Ordner am Donnerstag, 05. Mai 2005, 20:11:30 Hierher gekommen bin ich ja wegem dem Win32:Rootkit-gen [Rtk] - gibt's da was zu sehen, Herr Computerdoktor? Was nun, weiterer Scan? Danke für die Hilfe! Georg |
28.09.2010, 12:30 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Rootkit-gen [rtk] Sry aber wieso verwendest Du eine Windows-Installation, die der Vorbesitzer auch genutzt hat? Grundsätzlich installiert man Windows komplett neu, wenn der Rechner den Besitzer wechselt oder willst Du mit den Altlasten, Dateileichen und Schädlingen des Vorbesitzers kämpfen? Ich rate Dir zu einer Neuinstallation von Windows.
__________________ Logfiles bitte immer in CODE-Tags posten |
28.09.2010, 13:08 | #8 |
| Win32:Rootkit-gen [rtk] Danke Arne für deinen Tip - Erklärung: Windows in einer vorinstalltierten Version - es gibt zwar ein "tolles" IBM Recovery and Rescue Programm, aber da durch zu ackern war nicht gerade sehr verlockend. Also blieb mal die alte, und das würde auch so bleiben, außer es wäre nun hier eine Infizierung mit weiteren Viren festgestellt worden. Ich hab erneut das Malwarebytes Vollscan durchlaufen lassen, nichts weiter. Ich werde mir überlegen, deinen Ratschlag zu befolgen, danke und viel Erfolg. |
Themen zu Win32:Rootkit-gen [rtk] |
adobe, antivirus, avast, avast!, bho, einstellungen, excel, explorer, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, lenovo, logfile, monitor, mozilla, plug-in, programm, prozess, registry, rootkit, rundll, software, system, thinkvantage registry monitor service, trojaner, virus, warnung, windows, windows xp |