Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Internet Explorer startet ohne Grund automatisch

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.03.2011, 15:04   #1
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Liebe Alle,

seit heute verhält sich mein Computer merkwürdig: ohne ersichtlichen Grund startet der Internetexplorer automatisch mit Werbung als Startseite. Ca. alle Stunde.

Ich verwende für gewöhnlichen Firefox. Gestern habe ich "Freemind" heruntergeladen. Allerdings war ich dabei wohl leichtsinnig und habe einer mir bis dahin nicht vertrauten Seite Vertrauen geschenkt (Details weiss ich nicht mehr). Jedenfalls habe ich eine .exe zugelassen, wobei danach nichts für mich ersichtliches passiert ist...
Ich vermute einen Trojaner. Mein Problem habe ich brav gegoogel t jedoch nichts gefunden, dass mir wirklich weiterhelfen würde. Meine Computerfähigkeiten sind nicht so. Ich habe Angst, was kaputt zu machen...
Bereits jetzt bedanke ich mich ganz herzlich bei Euch!
Liebe Grüße,
Anja

Und hier die beiden Log-Files:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.03.2011 15:22:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153,68 Gb Total Space | 74,72 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,25 Gb Free Space | 23,04% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.03.21 16:24:22 | 000,143,872 | ---- | M] (Borland International) -- C:\Windows\Kbinya.exe
PRC - [2011.03.17 10:25:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.08 09:05:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.11.05 13:08:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 13:08:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.28 11:08:50 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.01 09:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010.03.01 09:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.03.01 09:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.03.01 09:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.02.10 13:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009.11.17 10:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009.09.28 07:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.08.31 08:43:46 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2009.08.28 12:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.20 00:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.08.07 03:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 03:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.07.15 01:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.07.03 09:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.03.13 08:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.03.05 08:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.03.05 07:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009.02.02 09:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.01.04 17:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.22 14:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\T-Online\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2009.08.18 12:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.06.29 11:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2011.03.17 10:25:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.05 13:08:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.02 18:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.03.01 09:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.03.01 09:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.02.10 13:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.11.17 10:44:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2009.09.21 14:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 14:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.08.31 08:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.08.28 12:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.07 03:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.08.04 19:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.04 19:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.08.04 19:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009.08.04 19:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009.08.04 19:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.15 01:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.03 09:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.01 16:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007.01.04 17:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.22 22:26:51 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.08.12 04:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.11 06:55:12 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.02 18:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.03.02 11:35:02 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.08 06:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.25 07:37:12 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 10:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.27 13:18:30 | 000,118,016 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009.08.18 12:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.08.13 05:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.07 03:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.09 21:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.07.01 03:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 03:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 03:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.29 11:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009.06.29 11:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.06.10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 13:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 11:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.18 05:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.04.22 14:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.04.09 12:38:26 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.04.07 06:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.02.02 16:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.02.02 16:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.02.02 16:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008.11.16 16:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.12 09:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2010.12.09 22:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV - [2010.11.13 11:30:10 | 000,006,860 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.08 09:05:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.08 09:05:18 | 000,000,000 | ---D | M]
 
[2010.08.18 10:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.21 16:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions
[2010.09.17 13:50:51 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.12.26 20:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.11 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.13 22:54:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.18 10:45:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 07:42:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.11 11:20:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.23 00:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 00:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 00:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 00:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 00:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ModemListener] C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe ()
O4 - HKLM..\Run: [PWMTRV] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKCU..\Run: [A9YA3MI1CF] File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 16:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 21:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe - ()
MsConfig:64bit - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: UIExec - hkey= - key= - C:\Program Files (x86)\Join Air\UIExec.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.22 15:21:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.22 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.22 15:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.22 15:12:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.22 15:12:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.22 15:12:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.21 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mindjet
[2011.03.21 16:17:16 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll
[2011.03.21 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2011.03.21 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Maps
[2011.03.21 16:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 9
[2011.03.21 16:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2011.03.21 16:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
[2011.03.21 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440}
[2011.03.21 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\***\.freemind
[2011.03.21 16:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2011.03.21 16:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind
[2011.03.15 20:21:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Fotos Sana
[2011.03.11 11:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.11 09:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.09 11:21:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder
[2011.03.04 09:07:56 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.04 09:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.02.24 10:38:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011.02.24 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon
[2011.02.23 08:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2011.02.22 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Update
[2011.02.22 15:00:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2011.02.22 14:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series Benutzerregistrierung
[2011.02.22 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2011.02.22 14:45:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.02.21 22:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\CANON
[2011.02.21 22:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series Manual
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.22 15:23:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 15:23:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 15:23:03 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.22 15:20:21 | 000,001,115 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.22 15:20:16 | 000,000,935 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.22 15:20:16 | 000,000,916 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.22 15:17:10 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.03.22 15:16:22 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\sdqxeht.job
[2011.03.22 15:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.22 15:16:04 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.22 15:12:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.22 15:12:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.22 15:09:53 | 000,742,874 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2011.03.22 14:45:12 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.22 14:03:35 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.03.21 16:24:16 | 000,139,776 | RHS- | M] () -- C:\Windows\SysWow64\msdtd.dll
[2011.03.21 16:16:38 | 000,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2011.03.21 16:10:56 | 000,001,896 | ---- | M] () -- C:\Users\***\Desktop\FreeMind.lnk
[2011.03.21 16:10:37 | 010,900,992 | ---- | M] () -- C:\Users\***\Desktop\FreeMind-Windows-Installer-0.8.1-max_De.exe
[2011.03.21 12:21:45 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.21 12:21:45 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.21 12:21:45 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.21 12:21:45 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.21 12:21:45 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.20 19:39:06 | 001,461,001 | ---- | M] () -- C:\Users\***\Desktop\http___www.giga-hamburg.de_dl_download.php_d=_content_imes_menastabilisierung_pdf_faath_studieKontrolle_2008_volltext.pdf
[2011.03.17 12:31:35 | 001,866,773 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2011.03.13 11:40:23 | 000,005,701 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.11 19:11:41 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2011.03.11 09:58:48 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.08 11:24:39 | 000,358,521 | ---- | M] () -- C:\Users\***Desktop\***.pdf
[2011.03.03 15:18:20 | 000,381,711 | ---- | M] () -- C:\Users\***\Desktop\***l.pdf
[2011.03.03 12:52:01 | 000,021,765 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2011.03.03 12:50:40 | 000,020,391 | ---- | M] () -- C:\Users\***\Desktop\daily star.pdf
[2011.03.03 12:16:17 | 000,171,116 | ---- | M] () -- C:\Users\***Desktop\Albrecht 2006 Autocrats and islamists (2).pdf
[2011.03.03 12:04:18 | 000,020,103 | ---- | M] () -- C:\Users\A***\Desktop\TAZ-Artikel.pdf
[2011.03.03 11:15:58 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.02.23 16:36:33 | 000,034,534 | ---- | M] () -- C:\Users\***\Desktop\20110406_HOFFMANN_Florenz.pdf
[2011.02.21 15:06:08 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.22 15:20:21 | 000,001,115 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.22 15:20:16 | 000,000,935 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.22 15:20:16 | 000,000,916 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.22 15:10:54 | 000,742,874 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2011.03.22 14:45:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.21 16:24:32 | 000,000,308 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.21 16:24:24 | 000,000,262 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.03.21 16:24:17 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\sdqxeht.job
[2011.03.21 16:24:16 | 000,139,776 | RHS- | C] () -- C:\Windows\SysWow64\msdtd.dll
[2011.03.21 16:16:38 | 000,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2011.03.21 16:10:56 | 000,001,896 | ---- | C] () -- C:\Users\***\Desktop\FreeMind.lnk
[2011.03.21 16:09:30 | 010,900,992 | ---- | C] () -- C:\Users\***\Desktop\FreeMind-Windows-Installer-0.8.1-max_De.exe
[2011.03.20 19:39:06 | 001,461,001 | ---- | C] () -- C:\Users***\Desktop\http___www.giga-hamburg.de_dl_download.php_d=_content_imes_menastabilisierung_pdf_faath_studieKontrolle_2008_volltext.pdf
[2011.03.17 12:31:34 | 001,866,773 | ---- | C] () -- C:\Users\***\Desktop\Contrat_Bouziane_Hoffmann.pdf
[2011.03.13 11:41:14 | 000,005,701 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.11 19:11:41 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011.03.11 09:58:48 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.08 11:24:39 | 000,358,521 | ---- | C] () -- C:\Users\***\Desktop\Reiseunterlagen Kunde Hoffmann.pdf
[2011.03.03 15:18:20 | 000,381,711 | ---- | C] () -- C:\Users***\Desktop\*** Artikel.pdf
[2011.03.03 12:52:01 | 000,021,765 | ---- | C] () -- C:\Users\***\Desktop\wasington post morocco protest.pdf
[2011.03.03 12:50:40 | 000,020,391 | ---- | C] () -- C:\Users\***\Desktop\daily star.pdf
[2011.03.03 12:16:17 | 000,171,116 | ---- | C] () -- C:\Users\***\Desktop\Albrecht 2006 Autocrats and islamists (2).pdf
[2011.03.03 12:04:18 | 000,020,103 | ---- | C] () -- C:\Users\***\Desktop\TAZ-Artikel.pdf
[2011.02.23 16:36:33 | 000,034,534 | ---- | C] () -- C:\Users\***\Desktop\20110406_HOFFMANN_Florenz.pdf
[2011.02.23 08:47:35 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.02.23 08:47:35 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.02.22 14:45:58 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\CNC173AD.TBL
[2011.02.22 14:45:58 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\CNC173AD.TBL
[2011.02.21 15:06:08 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.29 18:09:16 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.08.18 10:38:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.11 07:16:04 | 001,647,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.10 07:34:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.09.10 07:34:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.09.10 07:34:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.09.10 07:34:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.02.24 10:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.11.20 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen
[2010.12.12 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2010.11.12 07:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2010.11.13 11:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2011.02.23 08:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update
[2010.12.30 14:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.03.03 11:15:58 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.01.01 15:12:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.22 15:16:22 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\sdqxeht.job
[2011.03.22 14:03:35 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011.03.22 15:23:03 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.22 15:17:10 | 000,000,262 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.12 07:50:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.24 17:28:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.08.18 09:49:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.11 06:32:58 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.11 15:59:34 | 000,000,000 | ---D | M] -- C:\mfg
[2010.08.18 13:45:15 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.11 09:58:21 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.22 15:20:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.21 16:16:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.18 09:49:45 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.18 09:50:38 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2011.03.11 19:24:35 | 000,000,000 | ---D | M] -- C:\swshare
[2010.08.18 10:24:22 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2011.03.21 17:21:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.21 16:11:42 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.22 15:21:13 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2010.06.11 16:15:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.06.11 16:15:11 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.06.11 16:16:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.06.11 16:16:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.06.11 16:16:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.06.11 16:15:11 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010.06.11 16:16:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010.06.11 16:15:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.07.14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.06.11 16:17:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe
[2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010.06.11 16:17:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
         
--- --- ---

Und der Extras:OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.03.2011 15:22:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153,68 Gb Total Space | 74,72 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,25 Gb Free Space | 23,04% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"0D12EED917642F81501AB8731CEFC39641FB12CF" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PDF-XChange 3_is1" = PDF-XChange 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{651CA61C-6803-4E74-8CA6-9DA721F1D24E}" = iDumpPod2iTunes
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}" = Mobile Broadband
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MP250 series Benutzerregistrierung" = Canon MP250 series Benutzerregistrierung
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Netzmanager" = Netzmanager
"PROPLUS" = Microsoft Office Professional Plus 2007
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 06:42:27 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.03.2011 07:08:18 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 11.03.2011 07:13:51 | Computer Name = *** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.03.2011 07:25:59 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.03.2011 07:28:10 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.03.2011 07:41:51 | Computer Name = *** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.03.2011 08:44:28 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.03.2011 08:44:30 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1060
 
Error - 11.03.2011 08:44:30 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1060
 
Error - 11.03.2011 11:34:48 | Computer Name =*** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ OSession Events ]
Error - 04.10.2010 11:26:50 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 19.10.2010 17:56:36 | Computer Name =*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 776
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 13.02.2011 14:53:01 | Computer Name =*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 286
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.03.2011 13:57:31 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 09.03.2011 13:58:40 | Computer Name =*** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netzmanager Service erreicht.
 
Error - 09.03.2011 19:42:52 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 10.03.2011 18:39:08 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 11.03.2011 06:48:15 | Computer Name = ***| Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 11.03.2011 06:57:18 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 11.03.2011 07:28:34 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 11.03.2011 07:41:15 | Computer Name = ***| Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
 
Error - 11.03.2011 07:41:15 | Computer Name =***| Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 11.03.2011 07:41:45 | Computer Name = ***| Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Netzmanager Infrastruktur Informationssystem Dienst erreicht.
 
 
< End of report >
         
--- --- ---

--- --- ---

Geändert von LolaLo (22.03.2011 um 15:42 Uhr) Grund: Log-Files wurden hinzugefügt

Alt 22.03.2011, 19:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 23.03.2011, 01:15   #3
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Es gibt zwar keine weiteren Logs, aber ich habe soeben ein erstes erstellt. Der scan hat 9! Funde gehabt und viel. war das Löschen dieser ja bereits der Weg zum Erfolg?
Übermütig Danke ich bereits:


Und hier der Scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.03.2011 01:11:45
mbam-log-2011-03-23 (01-11-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166550
Laufzeit: 4 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Windows\Kbinya.exe (Trojan.Downloader) -> 3524 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A9YA3MI1CF (Trojan.FakeAlert) -> Value: A9YA3MI1CF -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Kbinya.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
__________________

Alt 23.03.2011, 09:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2011, 10:27   #5
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Hier der Log vom vollständigen Scan (den ich nach der manuellen Aktuatlisierung durchgeführt habe)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6140

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.03.2011 10:26:02
mbam-log-2011-03-23 (10-26-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|Q:\|)
Durchsuchte Objekte: 286746
Laufzeit: 46 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 23.03.2011, 11:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 16:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 21:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PWMTRV] File not found
O4 - HKCU..\Run: [A9YA3MI1CF] File not found
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
:Files
C:\Windows\Tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> Internet Explorer startet ohne Grund automatisch

Alt 23.03.2011, 11:53   #7
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Cool, schonmal vielen Dank. Klappt alles
Hier das Ergebnis:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Q:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223c735b-168e-11e0-8261-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223c735b-168e-11e0-8261-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223c735f-168e-11e0-8261-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{223c735f-168e-11e0-8261-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84707787-15ab-11e0-a4dc-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84707787-15ab-11e0-a4dc-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbfeb730-12be-11e0-b338-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbfeb730-12be-11e0-b338-c80aa9af880e}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbfeb737-12be-11e0-b338-c80aa9af880e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbfeb737-12be-11e0-b338-c80aa9af880e}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PWMTRV deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\A9YA3MI1CF not found.
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== FILES ==========
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
C:\Windows\Tasks\sdqxeht.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 3890902 bytes
->Temporary Internet Files folder emptied: 929668 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93222843 bytes
->Flash cache emptied: 1691 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8204 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03232011_114720

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 23.03.2011, 12:34   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2011, 13:32   #9
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Und hier der Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-22.09 - *** 23.03.2011  12:56:28.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1913.1027 [GMT 0:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\system32\jusched.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-23 bis 2011-03-23  ))))))))))))))))))))))))))))))
.
.
2011-03-23 13:06 . 2011-03-23 13:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-23 12:46 . 2011-03-23 12:46	--------	d-----w-	c:\program files\CCleaner
2011-03-23 11:47 . 2011-03-23 11:47	--------	d-----w-	C:\_OTL
2011-03-23 01:05 . 2011-03-23 01:05	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-03-23 01:04 . 2010-12-20 18:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-23 01:04 . 2011-03-23 01:04	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-23 01:04 . 2011-03-23 01:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-23 01:04 . 2010-12-20 18:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-22 15:20 . 2011-03-22 15:20	--------	d-----w-	c:\program files (x86)\ERUNT
2011-03-22 14:45 . 2011-03-22 14:45	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-03-21 16:24 . 2011-03-21 16:24	139776	--sha-r-	c:\windows\SysWow64\msdtd.dll
2011-03-21 16:18 . 2011-03-21 16:18	--------	d-----w-	c:\users\***\AppData\Local\Mindjet
2011-03-21 16:17 . 2006-01-30 08:32	6656	----a-w-	c:\windows\system32\pxc35pm.dll
2011-03-21 16:16 . 2011-03-21 16:16	--------	d-----w-	c:\programdata\Mindjet
2011-03-21 16:16 . 2011-03-21 16:16	--------	d-----w-	c:\program files (x86)\Mindjet
2011-03-21 16:14 . 2011-03-21 16:14	--------	d-----w-	c:\users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440}
2011-03-21 16:11 . 2011-03-21 16:11	--------	d-----w-	c:\users\AppData
2011-03-21 16:11 . 2011-03-21 16:15	--------	d-----w-	c:\users\***\.freemind
2011-03-21 16:10 . 2011-03-21 16:10	--------	d-----w-	c:\program files (x86)\FreeMind
2011-03-18 10:30 . 2011-02-11 07:30	7947600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E20EC697-347B-4A84-9B3E-506139F6044A}\mpengine.dll
2011-03-12 12:28 . 2011-03-12 12:28	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 12:28 . 2011-03-12 12:28	103864	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 11:20 . 2011-03-11 11:20	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files\iTunes
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files (x86)\iTunes
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files\iPod
2011-03-04 09:07 . 2011-03-04 09:07	--------	d-----w-	c:\program files\Bonjour
2011-03-04 09:07 . 2011-03-04 09:07	--------	d-----w-	c:\program files (x86)\Bonjour
2011-02-24 10:38 . 2011-02-24 10:38	--------	d--h--w-	c:\programdata\CanonIJScan
2011-02-24 10:38 . 2011-02-24 10:38	--------	d-----w-	c:\users\***\AppData\Roaming\Canon
2011-02-23 18:10 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-23 18:10 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-23 11:35 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 11:35 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 11:35 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 11:35 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 08:47 . 2011-02-23 08:47	--------	d-----w-	c:\programdata\PC-Doctor for Windows
2011-02-22 15:16 . 2011-02-23 08:47	--------	d-----w-	c:\users\***\AppData\Roaming\Update
2011-02-22 15:00 . 2011-02-22 15:00	--------	d--h--w-	c:\programdata\CanonIJSolutionMenu
2011-02-22 14:55 . 2010-04-24 05:00	336896	----a-w-	c:\windows\system32\CNMLM9W.DLL
2011-02-22 14:54 . 2009-04-03 16:01	1321984	----a-w-	c:\windows\system32\CNC250C.dll
2011-02-22 14:54 . 2009-04-03 16:00	92672	----a-w-	c:\windows\system32\CNC250I.dll
2011-02-22 14:54 . 2009-04-03 15:57	106496	----a-w-	c:\windows\SysWow64\CNC250U.dll
2011-02-22 14:54 . 2009-03-11 11:36	328192	----a-w-	c:\windows\system32\CNC250L.dll
2011-02-22 14:54 . 2009-03-11 11:34	303104	----a-w-	c:\windows\SysWow64\CNC250L.dll
2011-02-22 14:45 . 2011-02-22 14:45	--------	d--h--w-	c:\programdata\CanonIJEGV
2011-02-21 22:07 . 2011-02-21 22:07	--------	d-----w-	c:\program files\Common Files\CANON
2011-02-21 22:04 . 2010-04-24 05:00	83968	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-02-21 22:04 . 2010-04-24 05:00	28672	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-02-21 22:03 . 2009-03-18 08:10	244736	----a-w-	c:\windows\system32\CNMIU9W.DLL
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 16:36 . 2011-02-18 16:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 21:40 . 2010-08-18 10:45	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 17:11 . 2010-08-18 10:06	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 09:14	982912	------w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 09:14	265088	------w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 09:14	144384	------w-	c:\windows\system32\cdd.dll
2011-01-07 08:06 . 2011-02-09 09:14	46080	------w-	c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 09:14	34304	------w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 09:14	366080	------w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 09:14	294400	------w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 09:14	612352	------w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 09:14	428032	------w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 09:14	3127808	------w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ModemListener"="c:\program files (x86)\HSPA USB MODEM\ModemListener.exe" [2010-05-28 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-08-31 132608]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2010-12-21 5120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-02 75112]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe\CF44.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-08 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9v03o173.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-23  13:29:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-23 13:28
.
Vor Suchlauf: 11 Verzeichnis(se), 89.764.958.208 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 89.447.964.672 Bytes frei
.
- - End Of File - - 9C8889C0EAE93384615C6487556222D9
         
--- --- ---

Alt 23.03.2011, 13:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
Folder::
c:\users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440}

Driver::
SrvHsfHDA
SrvHsfV92
PxHlpa64
TPDIGIMN

File::
c:\windows\system32\DRIVERS\VSTAZL6.SYS
c:\windows\system32\DRIVERS\VSTDPV6.SYS
c:\windows\System32\Drivers\PxHlpa64.sys
c:\windows\System32\DRIVERS\ApsHM64.sys
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2011, 14:38   #11
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-22.09 - *** 23.03.2011  14:00:23.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1913.1016 [GMT 0:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\System32\DRIVERS\ApsHM64.sys"
"c:\windows\System32\Drivers\PxHlpa64.sys"
"c:\windows\system32\DRIVERS\VSTAZL6.SYS"
"c:\windows\system32\DRIVERS\VSTDPV6.SYS"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cofi.exe
c:\cofi.exe\CF44.cfxxe
c:\users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440}
c:\users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440}\Mindjet MindManager 9.msi
c:\windows\System32\DRIVERS\ApsHM64.sys
c:\windows\System32\Drivers\PxHlpa64.sys
c:\windows\system32\DRIVERS\VSTAZL6.SYS
c:\windows\system32\DRIVERS\VSTDPV6.SYS
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PxHlpa64
-------\Service_SrvHsfHDA
-------\Service_SrvHsfV92
-------\Service_TPDIGIMN
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-23 bis 2011-03-23  ))))))))))))))))))))))))))))))
.
.
2011-03-23 14:26 . 2011-03-23 14:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-23 12:46 . 2011-03-23 12:46	--------	d-----w-	c:\program files\CCleaner
2011-03-23 11:47 . 2011-03-23 11:47	--------	d-----w-	C:\_OTL
2011-03-23 01:05 . 2011-03-23 01:05	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-03-23 01:04 . 2010-12-20 18:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-23 01:04 . 2011-03-23 01:04	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-23 01:04 . 2011-03-23 01:04	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-23 01:04 . 2010-12-20 18:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-22 15:20 . 2011-03-22 15:20	--------	d-----w-	c:\program files (x86)\ERUNT
2011-03-22 14:45 . 2011-03-22 14:45	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-03-21 16:24 . 2011-03-21 16:24	139776	--sha-r-	c:\windows\SysWow64\msdtd.dll
2011-03-21 16:18 . 2011-03-21 16:18	--------	d-----w-	c:\users\***AppData\Local\Mindjet
2011-03-21 16:17 . 2006-01-30 08:32	6656	----a-w-	c:\windows\system32\pxc35pm.dll
2011-03-21 16:16 . 2011-03-21 16:16	--------	d-----w-	c:\programdata\Mindjet
2011-03-21 16:16 . 2011-03-21 16:16	--------	d-----w-	c:\program files (x86)\Mindjet
2011-03-21 16:11 . 2011-03-23 13:29	--------	d-----w-	c:\users\AppData
2011-03-21 16:11 . 2011-03-21 16:15	--------	d-----w-	c:\users\***\.freemind
2011-03-21 16:10 . 2011-03-21 16:10	--------	d-----w-	c:\program files (x86)\FreeMind
2011-03-18 10:30 . 2011-02-11 07:30	7947600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E20EC697-347B-4A84-9B3E-506139F6044A}\mpengine.dll
2011-03-12 12:28 . 2011-03-12 12:28	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 12:28 . 2011-03-12 12:28	103864	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 11:20 . 2011-03-11 11:20	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files\iTunes
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files (x86)\iTunes
2011-03-11 09:58 . 2011-03-11 09:58	--------	d-----w-	c:\program files\iPod
2011-03-04 09:07 . 2011-03-04 09:07	--------	d-----w-	c:\program files\Bonjour
2011-03-04 09:07 . 2011-03-04 09:07	--------	d-----w-	c:\program files (x86)\Bonjour
2011-02-24 10:38 . 2011-02-24 10:38	--------	d--h--w-	c:\programdata\CanonIJScan
2011-02-24 10:38 . 2011-02-24 10:38	--------	d-----w-	c:\users\***\AppData\Roaming\Canon
2011-02-23 18:10 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-23 18:10 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-23 11:35 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 11:35 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 11:35 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 11:35 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 08:47 . 2011-02-23 08:47	--------	d-----w-	c:\programdata\PC-Doctor for Windows
2011-02-22 15:16 . 2011-02-23 08:47	--------	d-----w-	c:\users\***\AppData\Roaming\Update
2011-02-22 15:00 . 2011-02-22 15:00	--------	d--h--w-	c:\programdata\CanonIJSolutionMenu
2011-02-22 14:55 . 2010-04-24 05:00	336896	----a-w-	c:\windows\system32\CNMLM9W.DLL
2011-02-22 14:54 . 2009-04-03 16:01	1321984	----a-w-	c:\windows\system32\CNC250C.dll
2011-02-22 14:54 . 2009-04-03 16:00	92672	----a-w-	c:\windows\system32\CNC250I.dll
2011-02-22 14:54 . 2009-04-03 15:57	106496	----a-w-	c:\windows\SysWow64\CNC250U.dll
2011-02-22 14:54 . 2009-03-11 11:36	328192	----a-w-	c:\windows\system32\CNC250L.dll
2011-02-22 14:54 . 2009-03-11 11:34	303104	----a-w-	c:\windows\SysWow64\CNC250L.dll
2011-02-22 14:45 . 2011-02-22 14:45	--------	d--h--w-	c:\programdata\CanonIJEGV
2011-02-21 22:07 . 2011-02-21 22:07	--------	d-----w-	c:\program files\Common Files\CANON
2011-02-21 22:04 . 2010-04-24 05:00	83968	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-02-21 22:04 . 2010-04-24 05:00	28672	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-02-21 22:03 . 2009-03-18 08:10	244736	----a-w-	c:\windows\system32\CNMIU9W.DLL
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 16:36 . 2011-02-18 16:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 21:40 . 2010-08-18 10:45	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 17:11 . 2010-08-18 10:06	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 09:14	982912	------w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 09:14	265088	------w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 09:14	144384	------w-	c:\windows\system32\cdd.dll
2011-01-07 08:06 . 2011-02-09 09:14	46080	------w-	c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 09:14	34304	------w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 09:14	366080	------w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 09:14	294400	------w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 09:14	612352	------w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 09:14	428032	------w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 09:14	3127808	------w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-03-23_13.10.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-03-23 14:27	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-23 13:09	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-23 13:09	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-23 14:27	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-23 13:09	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-23 14:27	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-03-23 13:11	46822              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-19 06:41 . 2011-03-23 13:11	12176              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1896027625-230428059-964453913-1004_UserData.bin
+ 2010-08-18 11:19 . 2011-03-23 13:11	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-18 11:19 . 2011-03-23 11:51	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-18 11:19 . 2011-03-23 13:11	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-18 11:19 . 2011-03-23 11:51	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-18 11:19 . 2011-03-23 13:11	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-18 11:19 . 2011-03-23 11:51	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-18 11:19 . 2011-03-23 13:07	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-18 11:19 . 2011-03-23 14:12	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-18 11:19 . 2011-03-23 13:07	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-18 11:19 . 2011-03-23 14:12	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-23 14:27 . 2011-03-23 14:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-23 13:09 . 2011-03-23 13:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-23 14:27 . 2011-03-23 14:27	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-23 13:09 . 2011-03-23 13:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-18 12:10 . 2011-03-23 14:26	603856              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-03-23 13:08	422592              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-23 14:26	422592              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-03-23 12:02	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-23 13:19	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ModemListener"="c:\program files (x86)\HSPA USB MODEM\ModemListener.exe" [2010-05-28 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-08-31 132608]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe [2010-12-21 5120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-02 75112]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2009-08-31 241664]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe32094c\CF12385.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-08 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9v03o173.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-23  14:33:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-23 14:33
ComboFix2.txt  2011-03-23 13:29
.
Vor Suchlauf: 16 Verzeichnis(se), 89.493.651.456 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 89.532.542.976 Bytes frei
.
- - End Of File - - 3D80295C049DEF0E6736A7C03ACF32A4
         
--- --- ---

Alt 23.03.2011, 15:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2011, 15:31   #13
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



et voilà:

2011/03/23 15:28:55.0908 2800 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 15:28:57.0921 2800 ================================================================================
2011/03/23 15:28:57.0921 2800 SystemInfo:
2011/03/23 15:28:57.0921 2800
2011/03/23 15:28:57.0921 2800 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/23 15:28:57.0921 2800 Product type: Workstation
2011/03/23 15:28:57.0921 2800 ComputerName: ***
2011/03/23 15:28:57.0921 2800 UserName: ***
2011/03/23 15:28:57.0921 2800 Windows directory: C:\Windows
2011/03/23 15:28:57.0921 2800 System windows directory: C:\Windows
2011/03/23 15:28:57.0921 2800 Running under WOW64
2011/03/23 15:28:57.0921 2800 Processor architecture: Intel x64
2011/03/23 15:28:57.0921 2800 Number of processors: 2
2011/03/23 15:28:57.0921 2800 Page size: 0x1000
2011/03/23 15:28:57.0921 2800 Boot type: Normal boot
2011/03/23 15:28:57.0921 2800 ================================================================================
2011/03/23 15:28:58.0732 2800 Initialize success
2011/03/23 15:29:03.0303 0536 ================================================================================
2011/03/23 15:29:03.0303 0536 Scan started
2011/03/23 15:29:03.0303 0536 Mode: Manual;
2011/03/23 15:29:03.0303 0536 ================================================================================
2011/03/23 15:29:04.0239 0536 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/23 15:29:04.0426 0536 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/23 15:29:04.0629 0536 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/23 15:29:04.0925 0536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/23 15:29:05.0143 0536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/23 15:29:05.0331 0536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/23 15:29:05.0518 0536 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/03/23 15:29:05.0674 0536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/23 15:29:05.0861 0536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/23 15:29:06.0001 0536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/23 15:29:06.0251 0536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/23 15:29:06.0547 0536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/23 15:29:06.0719 0536 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/23 15:29:06.0891 0536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/23 15:29:07.0062 0536 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/23 15:29:07.0265 0536 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/03/23 15:29:07.0577 0536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/23 15:29:07.0827 0536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/23 15:29:08.0170 0536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/23 15:29:08.0357 0536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/23 15:29:08.0575 0536 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/23 15:29:08.0763 0536 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/23 15:29:09.0090 0536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/23 15:29:09.0340 0536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/23 15:29:09.0527 0536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/23 15:29:09.0979 0536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/23 15:29:10.0260 0536 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/23 15:29:10.0416 0536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/23 15:29:10.0572 0536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/23 15:29:10.0775 0536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/23 15:29:10.0993 0536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/23 15:29:11.0196 0536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/23 15:29:11.0461 0536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/23 15:29:11.0664 0536 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/23 15:29:11.0867 0536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/23 15:29:12.0039 0536 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/23 15:29:12.0210 0536 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/03/23 15:29:12.0397 0536 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/23 15:29:12.0538 0536 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/03/23 15:29:12.0772 0536 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/03/23 15:29:12.0990 0536 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/03/23 15:29:13.0177 0536 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/03/23 15:29:13.0349 0536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/23 15:29:13.0567 0536 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/23 15:29:13.0786 0536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/23 15:29:13.0942 0536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/23 15:29:14.0160 0536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/23 15:29:14.0332 0536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/23 15:29:14.0550 0536 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/03/23 15:29:14.0769 0536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/23 15:29:14.0956 0536 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/23 15:29:15.0283 0536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/23 15:29:15.0471 0536 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
2011/03/23 15:29:15.0658 0536 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/03/23 15:29:15.0876 0536 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/03/23 15:29:16.0095 0536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/23 15:29:16.0266 0536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/23 15:29:16.0500 0536 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
2011/03/23 15:29:16.0719 0536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/23 15:29:16.0968 0536 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/23 15:29:17.0327 0536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/23 15:29:17.0717 0536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/23 15:29:17.0920 0536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/23 15:29:18.0091 0536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/23 15:29:18.0154 0536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/23 15:29:18.0232 0536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/23 15:29:18.0294 0536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/23 15:29:18.0325 0536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/23 15:29:18.0388 0536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/23 15:29:18.0419 0536 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/03/23 15:29:18.0466 0536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/23 15:29:18.0497 0536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/23 15:29:18.0575 0536 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/23 15:29:18.0653 0536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/23 15:29:18.0747 0536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/23 15:29:18.0825 0536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/23 15:29:18.0918 0536 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/03/23 15:29:18.0996 0536 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/23 15:29:19.0043 0536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/23 15:29:19.0090 0536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/23 15:29:19.0121 0536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/23 15:29:19.0215 0536 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/23 15:29:19.0261 0536 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/23 15:29:19.0308 0536 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/03/23 15:29:19.0402 0536 hwdatacard (4b5c07db91a0099272faae732e1152bd) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/03/23 15:29:19.0464 0536 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/23 15:29:19.0527 0536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/23 15:29:19.0620 0536 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/23 15:29:19.0807 0536 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/23 15:29:19.0885 0536 IBMPMDRV (b8e7ca64fff8b71636dea3a845cc23e5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/03/23 15:29:20.0151 0536 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/03/23 15:29:20.0587 0536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/23 15:29:20.0884 0536 IntcAzAudAddService (3111a658416dc464ba1e48e3b2169952) C:\Windows\system32\drivers\RTKVHD64.sys
2011/03/23 15:29:21.0196 0536 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/03/23 15:29:21.0305 0536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/23 15:29:21.0399 0536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/23 15:29:21.0430 0536 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/23 15:29:21.0477 0536 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/23 15:29:21.0555 0536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/23 15:29:21.0633 0536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/23 15:29:21.0664 0536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/23 15:29:21.0726 0536 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/23 15:29:21.0835 0536 JMCR (80a1de467adf200390134d63e359937a) C:\Windows\system32\DRIVERS\jmcr.sys
2011/03/23 15:29:21.0882 0536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/23 15:29:21.0960 0536 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/23 15:29:22.0023 0536 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/23 15:29:22.0069 0536 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/23 15:29:22.0132 0536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/23 15:29:22.0225 0536 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
2011/03/23 15:29:22.0288 0536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/23 15:29:22.0381 0536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/23 15:29:22.0428 0536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/23 15:29:22.0459 0536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/23 15:29:22.0506 0536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/23 15:29:22.0569 0536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/23 15:29:22.0647 0536 massfilter (faa4f845d478f4cedf95981aff859712) C:\Windows\system32\drivers\massfilter.sys
2011/03/23 15:29:22.0693 0536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/23 15:29:22.0771 0536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/23 15:29:22.0818 0536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/23 15:29:22.0881 0536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/23 15:29:22.0943 0536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/23 15:29:23.0005 0536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/23 15:29:23.0052 0536 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/23 15:29:23.0099 0536 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/23 15:29:23.0130 0536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/23 15:29:23.0177 0536 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/23 15:29:23.0224 0536 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/23 15:29:23.0271 0536 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/23 15:29:23.0302 0536 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/23 15:29:23.0317 0536 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/23 15:29:23.0364 0536 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/23 15:29:23.0411 0536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/23 15:29:23.0458 0536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/23 15:29:23.0489 0536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/23 15:29:23.0551 0536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/23 15:29:23.0583 0536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/23 15:29:23.0614 0536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/23 15:29:23.0645 0536 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/23 15:29:23.0692 0536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/23 15:29:23.0723 0536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/23 15:29:23.0754 0536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/23 15:29:23.0770 0536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/23 15:29:23.0832 0536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/23 15:29:23.0910 0536 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/23 15:29:23.0988 0536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/23 15:29:24.0051 0536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/23 15:29:24.0113 0536 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/23 15:29:24.0144 0536 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/23 15:29:24.0175 0536 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/23 15:29:24.0238 0536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/23 15:29:24.0285 0536 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/23 15:29:24.0581 0536 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/03/23 15:29:25.0065 0536 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/03/23 15:29:25.0392 0536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/23 15:29:25.0486 0536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/23 15:29:25.0533 0536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/23 15:29:25.0595 0536 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/03/23 15:29:25.0689 0536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/23 15:29:25.0720 0536 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/23 15:29:25.0751 0536 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/23 15:29:25.0798 0536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/23 15:29:25.0829 0536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/23 15:29:25.0876 0536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/23 15:29:25.0907 0536 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/03/23 15:29:26.0157 0536 PCDSRVC{127174DC-C366ED8B-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\pc-doctor\pcdsrvc_x64.pkms
2011/03/23 15:29:26.0313 0536 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/03/23 15:29:26.0359 0536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/23 15:29:26.0406 0536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/23 15:29:26.0437 0536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/23 15:29:26.0484 0536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/23 15:29:26.0656 0536 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/23 15:29:26.0687 0536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/23 15:29:26.0749 0536 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
2011/03/23 15:29:26.0812 0536 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/23 15:29:26.0890 0536 qcusbser (559ae75cc39b3240ed860c405bdff6b2) C:\Windows\system32\DRIVERS\qcusbser.sys
2011/03/23 15:29:26.0968 0536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/23 15:29:27.0046 0536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/23 15:29:27.0093 0536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/23 15:29:27.0124 0536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/23 15:29:27.0186 0536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/23 15:29:27.0233 0536 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/23 15:29:27.0264 0536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/23 15:29:27.0327 0536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/23 15:29:27.0373 0536 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/23 15:29:27.0420 0536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/23 15:29:27.0451 0536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/23 15:29:27.0498 0536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/23 15:29:27.0545 0536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/23 15:29:27.0576 0536 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/03/23 15:29:27.0639 0536 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/03/23 15:29:27.0732 0536 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/23 15:29:27.0826 0536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/23 15:29:27.0919 0536 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/03/23 15:29:27.0966 0536 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/23 15:29:27.0997 0536 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/23 15:29:28.0060 0536 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/23 15:29:28.0122 0536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/23 15:29:28.0200 0536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/23 15:29:28.0263 0536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/23 15:29:28.0309 0536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/23 15:29:28.0372 0536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/23 15:29:28.0403 0536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/23 15:29:28.0450 0536 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/23 15:29:28.0512 0536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/23 15:29:28.0590 0536 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
2011/03/23 15:29:28.0668 0536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/23 15:29:28.0699 0536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/23 15:29:28.0746 0536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/23 15:29:28.0840 0536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/23 15:29:28.0918 0536 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/23 15:29:28.0949 0536 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/23 15:29:28.0996 0536 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/03/23 15:29:29.0105 0536 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/23 15:29:29.0183 0536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/23 15:29:29.0261 0536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/23 15:29:29.0339 0536 SynTP (311012779af2704350adee3b4fe848ba) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/23 15:29:29.0479 0536 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/03/23 15:29:29.0604 0536 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/23 15:29:29.0745 0536 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/23 15:29:29.0885 0536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/23 15:29:29.0963 0536 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/23 15:29:30.0025 0536 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/23 15:29:30.0057 0536 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/23 15:29:30.0135 0536 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
2011/03/23 15:29:30.0213 0536 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
2011/03/23 15:29:30.0306 0536 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/23 15:29:30.0369 0536 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/23 15:29:30.0431 0536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/23 15:29:30.0478 0536 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/23 15:29:30.0556 0536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/23 15:29:30.0634 0536 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/23 15:29:30.0696 0536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/23 15:29:30.0805 0536 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/03/23 15:29:30.0837 0536 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/23 15:29:30.0868 0536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/23 15:29:30.0899 0536 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/23 15:29:30.0993 0536 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/23 15:29:31.0024 0536 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/23 15:29:31.0086 0536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/23 15:29:31.0133 0536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/23 15:29:31.0180 0536 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/23 15:29:31.0211 0536 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/23 15:29:31.0273 0536 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/03/23 15:29:31.0383 0536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/23 15:29:31.0429 0536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/23 15:29:31.0476 0536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/23 15:29:31.0523 0536 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/23 15:29:31.0570 0536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/23 15:29:31.0648 0536 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/23 15:29:31.0695 0536 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/23 15:29:31.0757 0536 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/23 15:29:31.0819 0536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/23 15:29:31.0866 0536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/23 15:29:31.0897 0536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/23 15:29:31.0960 0536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/23 15:29:32.0022 0536 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/23 15:29:32.0053 0536 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/23 15:29:32.0116 0536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/23 15:29:32.0194 0536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/23 15:29:32.0303 0536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/23 15:29:32.0350 0536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/23 15:29:32.0459 0536 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/23 15:29:32.0506 0536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/23 15:29:32.0599 0536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/23 15:29:32.0662 0536 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/23 15:29:32.0709 0536 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/23 15:29:32.0802 0536 ZTEusbmdm6k (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/03/23 15:29:32.0880 0536 ZTEusbnmea (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/03/23 15:29:32.0911 0536 ZTEusbser6k (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/03/23 15:29:33.0005 0536 ================================================================================
2011/03/23 15:29:33.0005 0536 Scan finished
2011/03/23 15:29:33.0005 0536 ================================================================================

Alt 23.03.2011, 15:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.03.2011, 00:59   #15
LolaLo
 
Internet Explorer startet ohne Grund automatisch - Standard

Internet Explorer startet ohne Grund automatisch



Ich habe meine Aufgaben erfüllt:
1)
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 00:54:16
Windows 6.1.7600  
Running: oqrcr3vf.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78dd08b68271                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78dd08b68271 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---

2)
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 28477QG
Logical Drives Mask: 0x00010005

Kernel Drivers (total 187):
0x02E5E000 \SystemRoot\system32\ntoskrnl.exe
0x02E15000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00C74000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB8000 \SystemRoot\system32\PSHED.dll
0x00CCC000 \SystemRoot\system32\CLFS.SYS
0x00D2A000 \SystemRoot\system32\CI.dll
0x00E7A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F1E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F2D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F84000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F8D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F97000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FCA000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FD7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E0C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E21000 \SystemRoot\System32\drivers\mountmgr.sys
0x01065000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01181000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0118A000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011B4000 \SystemRoot\system32\DRIVERS\msahci.sys
0x011BF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x011CF000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0144B000 \SystemRoot\System32\Drivers\msrpc.sys
0x014A9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C3000 \SystemRoot\System32\Drivers\cng.sys
0x01536000 \SystemRoot\System32\drivers\pcw.sys
0x01547000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0163D000 \SystemRoot\system32\drivers\ndis.sys
0x0172F000 \SystemRoot\system32\drivers\NETIO.SYS
0x0178F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01551000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0159B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017BA000 \SystemRoot\System32\Drivers\spldr.sys
0x017C2000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01625000 \SystemRoot\System32\Drivers\mup.sys
0x015E7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013D4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03B85000 \SystemRoot\System32\Drivers\Null.SYS
0x03B8E000 \SystemRoot\System32\Drivers\Beep.SYS
0x03B95000 \SystemRoot\System32\drivers\vga.sys
0x03BA3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03BC8000 \SystemRoot\System32\drivers\watchdog.sys
0x03BD8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03BE1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03BEA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03BF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03A00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03B5B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03A11000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C13000 \SystemRoot\system32\drivers\afd.sys
0x03C9D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03CE2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03CEB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03D11000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03D27000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03D36000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03D51000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x03D57000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D6B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03DBC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03DC8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03DD3000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x03DDA000 \SystemRoot\System32\drivers\discache.sys
0x011DA000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DE9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00E3B000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02CC6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04839000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02CEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F41000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F87000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04F94000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02C00000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x02C26000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x05601000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05CAE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05CBB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05CF4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05D12000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05D21000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05D70000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05D72000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05D81000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x05D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05DA2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05DA7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05DB0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05DC0000 \SystemRoot\system32\DRIVERS\dne64x.sys
0x02C55000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02C6B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05DEC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02C8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DE0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04020000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04041000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0405B000 \SystemRoot\system32\DRIVERS\psadd.sys
0x04069000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0406B000 \SystemRoot\system32\DRIVERS\ks.sys
0x040AE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x040C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0411A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E24000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0412F000 \SystemRoot\system32\drivers\portcls.sys
0x05E00000 \SystemRoot\system32\drivers\drmk.sys
0x05FE2000 \SystemRoot\system32\drivers\ksthunk.sys
0x0416C000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x05FE8000 \SystemRoot\System32\drivers\Dxapi.sys
0x04193000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03A1E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x041A1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x041B4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x041D1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04000000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x02413000 \SystemRoot\system32\drivers\luafv.sys
0x02436000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02453000 \SystemRoot\system32\drivers\WudfPf.sys
0x02474000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02489000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x024DC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x024EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02507000 \SystemRoot\system32\drivers\HTTP.sys
0x025CF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0227A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x022A7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x022F5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02318000 \SystemRoot\system32\drivers\peauth.sys
0x023BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x023C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02200000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02212000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06833000 \SystemRoot\System32\DRIVERS\srv.sys
0x77AE0000 \Windows\System32\ntdll.dll
0x47930000 \Windows\System32\smss.exe
0xFFE00000 \Windows\System32\apisetschema.dll
0xFF950000 \Windows\System32\autochk.exe
0xFFD10000 \Windows\System32\advapi32.dll
0xFFBE0000 \Windows\System32\rpcrt4.dll
0xFFBC0000 \Windows\System32\sechost.dll
0xFFA40000 \Windows\System32\urlmon.dll
0xFFA10000 \Windows\System32\imm32.dll
0xFF930000 \Windows\System32\oleaut32.dll
0xFF820000 \Windows\System32\msctf.dll
0xFF7A0000 \Windows\System32\difxapi.dll
0x77CB0000 \Windows\System32\normaliz.dll
0xFF780000 \Windows\System32\imagehlp.dll
0xFF6E0000 \Windows\System32\msvcrt.dll
0xFF6D0000 \Windows\System32\nsi.dll
0xFF4C0000 \Windows\System32\ole32.dll
0xFF390000 \Windows\System32\wininet.dll
0xFF340000 \Windows\System32\Wldap32.dll
0xFF2A0000 \Windows\System32\clbcatq.dll
0x779E0000 \Windows\System32\user32.dll
0xFF220000 \Windows\System32\shlwapi.dll
0xFEFC0000 \Windows\System32\iertutil.dll
0x77CA0000 \Windows\System32\psapi.dll
0xFEEF0000 \Windows\System32\usp10.dll
0xFEE80000 \Windows\System32\gdi32.dll
0xFECA0000 \Windows\System32\setupapi.dll
0xFEC50000 \Windows\System32\ws2_32.dll
0xFEC40000 \Windows\System32\lpk.dll
0x778C0000 \Windows\System32\kernel32.dll
0xFEBA0000 \Windows\System32\comdlg32.dll
0xFDE10000 \Windows\System32\shell32.dll
0xFDD70000 \Windows\System32\comctl32.dll
0xFDD50000 \Windows\System32\devobj.dll
0xFDCE0000 \Windows\System32\KernelBase.dll
0xFDB70000 \Windows\System32\crypt32.dll
0xFDB30000 \Windows\System32\wintrust.dll
0xFDAF0000 \Windows\System32\cfgmgr32.dll
0xFDAE0000 \Windows\System32\msasn1.dll
0x77C90000 \Windows\SysWOW64\normaliz.dll

Processes (total 84):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
440 csrss.exe
496 C:\Windows\System32\wininit.exe
512 csrss.exe
544 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\winlogon.exe
808 C:\Windows\System32\ibmpmsvc.exe
864 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\wlanext.exe
1120 C:\Windows\System32\conhost.exe
1244 C:\Windows\System32\taskeng.exe
1272 C:\Windows\System32\spoolsv.exe
1316 C:\Windows\System32\rundll32.exe
1328 C:\Windows\SysWOW64\rundll32.exe
1336 C:\Windows\System32\svchost.exe
1424 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1592 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
1600 C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
1664 C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
1724 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1756 C:\Windows\System32\svchost.exe
1804 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2044 C:\Program Files\Lenovo\HOTKEY\micmute.exe
1220 C:\Program Files\T-Online\NMInfraIS2\Netzmanager_Service.exe
1888 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1940 C:\Windows\System32\svchost.exe
1996 C:\Program Files (x86)\Join Air\AssistantServices.exe
2124 C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
2276 unsecapp.exe
2348 WmiPrvSE.exe
2488 C:\Windows\System32\taskhost.exe
2528 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
2588 C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
2616 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2912 C:\Windows\System32\svchost.exe
3024 C:\Windows\System32\rundll32.exe
1348 C:\Windows\System32\dwm.exe
3020 C:\Windows\explorer.exe
3068 C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
3084 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3096 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
3104 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
3112 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3124 C:\Windows\System32\TpShocks.exe
3140 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
3180 C:\Windows\System32\hkcmd.exe
3188 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
3196 C:\Windows\System32\igfxpers.exe
3268 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3276 C:\Windows\System32\igfxsrvc.exe
3364 C:\Program Files\Windows Sidebar\sidebar.exe
3444 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
3596 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3632 C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe
3716 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3740 C:\Program Files (x86)\Join Air\UIExec.exe
3752 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3868 C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
4032 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3464 C:\Windows\System32\SearchIndexer.exe
444 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
3844 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3360 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3736 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
3828 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
4144 C:\Program Files\Windows Media Player\wmpnetwk.exe
3352 C:\Windows\System32\audiodg.exe
4532 C:\Windows\System32\SearchProtocolHost.exe
3136 C:\Windows\System32\SearchFilterHost.exe
4644 C:\Windows\explorer.exe
3064 dllhost.exe
4204 dllhost.exe
4164 C:\Users\***\Desktop\MBRCheck.exe
4716 C:\Windows\System32\conhost.exe

\\.\A: --> \\.\PhysicalDrive0 at offset 0x00000026`b6f00000 (NTFS)
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DBC2C5592A9D5560E5F469B4B2D491CF63511C3E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Antwort

Themen zu Internet Explorer startet ohne Grund automatisch
64-bit, adblock, alcatel, angst, automatisch, avgntflt.sys, c:\windows\system32\rundll32.exe, computer, explorer, gefunde, geschenkt, gestern, grund, heute, iastor.sys, install.exe, interne, internet, internet explorer, internetexplorer, ip-adresse, kaputt, kunde, lenovo, liebe, location, merkwürdig, microsoft office word, nicht mehr, nichts, office 2007, oldtimer, olympus, problem, programdata, saver, saving, searchplugins, security update, shell32.dll, shortcut, start menu, starte, startet, syswow64, tracker, troja, uiexec.exe, vodafone, webcheck, weiterhelfen, werbung, wirklich



Ähnliche Themen: Internet Explorer startet ohne Grund automatisch


  1. Internet Explorer startet/läuft im Hintergrund automatisch beim Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (11)
  2. Internet Explorer startet automatisch, Malware?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (9)
  3. 2x Internet Explorer startet automatisch und lässt Laptop abstürzen
    Mülltonne - 18.11.2013 (4)
  4. XP startet ohne Grund von Neu
    Alles rund um Windows - 27.12.2011 (2)
  5. Internet Explorer startet automatisch werbung und lautstärke verstellt sich
    Log-Analyse und Auswertung - 20.07.2010 (5)
  6. Internet Explorer startet, ohne dass ich das will und ruft irgendwelche Seiten auf
    Log-Analyse und Auswertung - 21.06.2010 (1)
  7. mein Internet Explorer startet automatisch
    Plagegeister aller Art und deren Bekämpfung - 13.05.2010 (6)
  8. Internet Explorer startet automatisch nach Virenattacke
    Log-Analyse und Auswertung - 01.05.2010 (9)
  9. Internet Explorer startet automatisch mit Werbung
    Log-Analyse und Auswertung - 07.04.2010 (16)
  10. Internet Explorer startet automatisch
    Log-Analyse und Auswertung - 26.03.2010 (11)
  11. Internet Explorer startet ohne Aufforderung
    Log-Analyse und Auswertung - 20.10.2009 (14)
  12. Internet Explorer startet nach jedem Windows-Start automatisch.
    Plagegeister aller Art und deren Bekämpfung - 27.06.2008 (2)
  13. Internet Explorer startet beim Start von Firefox automatisch
    Log-Analyse und Auswertung - 02.10.2007 (2)
  14. Internet Explorer startet automatisch.
    Log-Analyse und Auswertung - 13.04.2007 (3)
  15. Mein Pc startet ohne Grund neu
    Plagegeister aller Art und deren Bekämpfung - 10.11.2006 (19)
  16. Internet explorer startet automatisch, brauche bitte Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 14.06.2005 (18)
  17. Internet Explorer startet nicht mehr automatisch
    Plagegeister aller Art und deren Bekämpfung - 17.02.2004 (9)

Zum Thema Internet Explorer startet ohne Grund automatisch - Liebe Alle, seit heute verhält sich mein Computer merkwürdig: ohne ersichtlichen Grund startet der Internetexplorer automatisch mit Werbung als Startseite. Ca. alle Stunde. Ich verwende für gewöhnlichen Firefox. Gestern habe - Internet Explorer startet ohne Grund automatisch...
Archiv
Du betrachtest: Internet Explorer startet ohne Grund automatisch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.