View Full Version : vundo.gen.y & other trojans, (resolved)
hermannworth
2009-02-10, 07:19
Hello,
I just caught a number of trojans, starting with vundo.gen.y Noticed the browser becoming very slow, java acting up and then the firewall shutting down. Disconnected network immediately and ran a scan using McAfee, showing that i had this vundo and a few others that it cannot remove.
I would appreciate your help greatly.
Thanks!
Here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:25, on 10.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\Common Framework\FrameworkService.exe
C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\Apoint2K\ApMsgFwd.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programme\McAfee\Common Framework\McTray.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Lenovo\Client Security Solution\password_manager.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219593051703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 14510 bytes
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
If you still require help please do the following
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
hermannworth
2009-02-22, 22:56
Hello and thank you for your answer
I apologize for going off and running some tools which may have made this harder for you. I was going on a two week trip where I would not have internet access and somewhat panicked.
log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Hermann Orth at 2009-02-22 15:49:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (43%) free of 109 GB
Total RAM: 2046 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:07, on 22.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\Common Framework\FrameworkService.exe
C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\Apoint2K\ApMsgFwd.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\McAfee\Common Framework\McTray.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Lenovo\Client Security Solution\password_manager.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Dokumente und Einstellungen\Hermann Orth\Eigene Dateien\Programme\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Hermann Orth.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219593051703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 14802 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\rlejkhcz.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-01 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2009-01-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll [2008-01-24 66880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13 808248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"TPHOTKEY"=C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [2008-09-30 68976]
"Apoint"=C:\Programme\Apoint2K\Apoint.exe [2008-03-07 167936]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2007-08-08 831488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-05 13549568]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-14 487424]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-01 122940]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-09-01 165208]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2008-10-27 425984]
"ShStatEXE"=C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Programme\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-09-01 124248]
"cssauth"=C:\Programme\Lenovo\Client Security Solution\cssauth.exe [2008-06-13 3073336]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2008-07-22 357376]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2008-04-24 1036288]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-05 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-03-24 218496]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Mozilla Firefox.lnk - C:\Programme\Mozilla Firefox\firefox.exe
Mozilla Thunderbird.lnk - C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\Hermann Orth\Startmenü\Programme\Autostart
ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll [2008-10-27 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [2008-11-21 95496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Programme\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Programme\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUlifdd
"notification packages"=scecli
ACGina
ACGina
psqlpwd
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\McAfee\Common Framework\FrameworkService.exe"="C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-02-22 15:49:04 ----D---- C:\rsit
2009-02-10 10:27:54 ----D---- C:\WINDOWS\ERDNT
2009-02-10 00:20:42 ----D---- C:\Programme\ERUNT
2009-02-10 00:02:50 ----D---- C:\Programme\Trend Micro
2009-02-09 23:54:19 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Malwarebytes
2009-02-09 23:54:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-02-09 23:54:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-02-09 23:45:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-02-09 23:41:19 ----A---- C:\WINDOWS\system32\b7bc1cd3-.txt
2009-02-09 22:29:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-09 22:15:39 ----D---- C:\QUARANTINE
2009-02-07 21:36:14 ----D---- C:\WINDOWS\system32\IOSUBSYS
======List of files/folders modified in the last 1 months======
2009-02-22 15:39:49 ----D---- C:\WINDOWS\Prefetch
2009-02-22 15:35:20 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Skype
2009-02-22 11:49:06 ----D---- C:\Programme\Mozilla Firefox
2009-02-22 11:28:21 ----D---- C:\Programme\Mozilla Thunderbird
2009-02-22 11:24:09 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\skypePM
2009-02-22 00:00:48 ----D---- C:\WINDOWS\Temp
2009-02-22 00:00:48 ----D---- C:\SWSHARE
2009-02-22 00:00:17 ----A---- C:\sysiclog.txt
2009-02-21 12:47:52 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Move Networks
2009-02-21 09:01:04 ----D---- C:\WINDOWS\system32
2009-02-21 09:00:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-21 08:56:14 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-02-21 08:55:52 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2009-02-21 08:55:46 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2009-02-21 00:27:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-10 10:27:54 ----D---- C:\WINDOWS
2009-02-10 10:25:56 ----RD---- C:\Programme
2009-02-10 10:25:56 ----D---- C:\WINDOWS\system32\drivers
2009-02-09 23:42:29 ----HD---- C:\WINDOWS\inf
2009-02-09 23:35:35 ----D---- C:\Icons
2009-02-09 23:32:57 ----SHD---- C:\RECYCLER
2009-02-09 22:16:54 ----SD---- C:\WINDOWS\Tasks
2009-02-07 21:35:59 ----D---- C:\Programme\Google
2009-01-31 01:29:33 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\gtk-2.0
2009-01-29 00:53:47 ----D---- C:\Programme\Gemeinsame Dateien\Canon
2009-01-28 00:55:06 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\ZoomBrowser EX
2009-01-27 08:56:17 ----SHD---- C:\Config.Msi
2009-01-27 00:16:40 ----SHD---- C:\WINDOWS\Installer
2009-01-27 00:16:38 ----RSD---- C:\WINDOWS\assembly
2009-01-27 00:11:18 ----D---- C:\Programme\Lenovo
2009-01-26 23:46:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-26 23:35:52 ----A---- C:\TPHKLOCK.TXT
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-10-24 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R1 mferkdk;VSCore mferkdk; \??\C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-04-12 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-07-11 46144]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-24 21393]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-01 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-01 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-01 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-01-22 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-01-02 252048]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-29 2206976]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-05 6620096]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-08-24 30144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-08-08 50704]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2007-09-15 501800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-02-05 23832]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-05 628760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-02-05 41752]
S3 LVUVC;Logitech QuickCam S5500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-02-05 4658456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-10-27 90112]
R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2008-10-27 217088]
R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-29 108080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Programme\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-01-24 54608]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-05 168004]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040]
R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2008-05-16 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2008-06-13 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TSSCoreService;TSS Core Service; C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-13 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-14 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2008-05-14 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R2 tvtnetwk;tvtnetwk; C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-02-08 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
-----------------EOF-----------------
hermannworth
2009-02-22, 22:57
info.txt
info.txt logfile of random's system information tool 1.05 2009-02-22 15:49:10
======Uninstall list======
-->C:\Programme\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.60 beta-->"C:\Programme\7-Zip\Uninstall.exe"
Access Help-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x7 UNINSTALL
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Canon Camera Access Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\EOS Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Programme\Canon\ZoomBrowser EX\Program\Uninst.ini"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Cisco Systems VPN Client 5.0.03.0560-->MsiExec.exe /X{A7091E1D-36A4-47F1-A739-173CC341414F}
Client Security - Password Manager-->MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dienstprogramm "ThinkPad UltraNav"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x7 UNINSTALL
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Ergänzung zu Productivity Center für ThinkPad-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x7 -AddRemove
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ERUNT 1.1j-->C:\Programme\ERUNT\unins000.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
GIMP 2.4.7-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GPL Ghostscript 8.62-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.62\uninstal.txt"
GPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
Help Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x7 -AddRemove
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lenovo Registration-->C:\Programme\Lenovo Registration\uninstall.exe
Lenovo System Toolbox-->C:\Programme\PCDR5\uninst.exe
Logitech High Quality Video-->MsiExec.exe /X{281D28EC-1357-4778-B2D7-DEA56D70EF96}
Logitech QuickCam-Treiberpaket-->"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x7 -AddRemove
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
On Screen Display-->rundll32.exe "C:\Programme\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Programme\Lenovo\HOTKEY\tphk_tp.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Präsentationsdirektor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x7 -AddRemove
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Remove Multimedia Center-->C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
System Migration Assistant-->MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Programme\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Programme\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver-->C:\Programme\Apoint2K\Uninstap.exe ADDREMOVE
ThinkPad-Dienstprogramm 'EasyEject'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x7 -AddRemove
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x7 anything
ThinkVantage Fingerprint Software 5.8-->MsiExec.exe /I{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x7 -AddRemove
ThinkVantage System für aktiven Festplattenschutz-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x7 anything
Trillian-->C:\Programme\Trillian\trillian.exe /uninstall
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Wallpapers-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x7 UNINSTALL
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {10DDCDDD-9A59-4496-9371-C17F1668D433}
Windows Live Toolbar-->MsiExec.exe /X{10DDCDDD-9A59-4496-9371-C17F1668D433}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
======Security center information======
AV: McAfee VirusScan Enterprise
System event log
Computer Name: ORTH
Event Code: 59
Message: Resolve Partial Assembly ist für Microsoft.VC80.MFCLOC fehlgeschlagen.
Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert.
.
Record Number: 1172
Source Name: SideBySide
Time Written: 20080906090030.000000-300
Event Type: error
User:
Computer Name: ORTH
Event Code: 32
Message: Abhängige Assemblierung "Microsoft.VC80.MFCLOC" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert.
Record Number: 1171
Source Name: SideBySide
Time Written: 20080906090030.000000-300
Event Type: error
User:
Computer Name: ORTH
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.
Record Number: 1170
Source Name: Service Control Manager
Time Written: 20080906090014.000000-300
Event Type: information
User: NT-AUTORITÄT\SYSTEM
Computer Name: ORTH
Event Code: 4201
Message: Netzwerkadapter "Intel(R)...WiFi Link 4965AGN - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 1169
Source Name: Tcpip
Time Written: 20080906090011.000000-300
Event Type: information
User:
Computer Name: ORTH
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".
Record Number: 1168
Source Name: Service Control Manager
Time Written: 20080906085959.000000-300
Event Type: information
User:
Application event log
Computer Name: ORTH
Event Code: 0
Message:
Record Number: 5
Source Name: ThinkVantage Registry Monitor Service
Time Written: 20080904174131.000000-300
Event Type: information
User:
Computer Name: ORTH
Event Code: 0
Message:
Record Number: 4
Source Name: RegSrvc
Time Written: 20080904174130.000000-300
Event Type: information
User:
Computer Name: ORTH
Event Code: 2
Message: Das Diskeeper-Control Center wurde gestartet.
Diskeeper-Dienst wurde gestartet
Record Number: 3
Source Name: Diskeeper
Time Written: 20080904174130.000000-300
Event Type: information
User:
Computer Name: ORTH
Event Code: 0
Message:
Record Number: 2
Source Name: EvtEng
Time Written: 20080904174128.000000-300
Event Type: information
User:
Computer Name: ORTH
Event Code: 0
Message:
Record Number: 1
Source Name: btwdins
Time Written: 20080904174126.000000-300
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Diskeeper Corporation\Diskeeper\;C:\Programme\ThinkPad\ConnectUtilities;C:\Programme\Gemeinsame Dateien\Lenovo;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Lenovo\Client Security Solution;C:\Programme\QuickTime\QTSystem\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"SMA"=C:\Programme\ThinkVantage\SMA\
"TVT"=C:\Programme\Lenovo
"TVTCOMMON"=C:\Programme\Gemeinsame Dateien\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Programme\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Programme\Gemeinsame Dateien\Lenovo\Python24
"VSEDEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
hermannworth
2009-02-22, 23:46
Here is the ComboFix Log. A note: After ComboFix restarted the computer, McAfee came back on as it is in autorun and ComboFix gave a warning message. Disabled all McAfee services and let ComboFix resume, but it gave a new warning message and then continued and posted the log.
Here is the Log:
ComboFix 09-02-21.01 - Hermann Orth 2009-02-22 16:33:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.2046.1409 [GMT -6:00]
Running from: c:\dokumente und einstellungen\Hermann Orth\Eigene Dateien\Programme\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\rlejkhcz.job
.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 15:49 . 2009-02-22 15:49 <DIR> d-------- C:\rsit
2009-02-10 00:20 . 2009-02-10 00:20 <DIR> d-------- c:\programme\ERUNT
2009-02-10 00:02 . 2009-02-10 00:02 <DIR> d-------- c:\programme\Trend Micro
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Malwarebytes
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-02-09 23:54 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 23:54 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 23:45 . 2009-02-21 09:01 3,420 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-02-09 23:40 . 2009-02-22 16:38 53,912 --a------ c:\windows\system32\nvModes.001
2009-02-09 23:40 . 2009-02-22 16:37 2,148 --a------ c:\windows\system32\wpa.dbl
2009-02-09 22:22 . 2009-02-10 00:07 2,204 --a------ c:\windows\tgytmkkl
2009-02-09 22:15 . 2009-02-09 23:29 <DIR> d-------- C:\QUARANTINE
2009-02-07 21:36 . 2009-02-07 21:36 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-27 08:59 . 2009-01-27 08:59 <DIR> d-------- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avaya
2009-01-26 23:47 . 2009-01-26 23:47 188 --a------ c:\windows\x
2009-01-22 17:39 . 2009-02-22 16:36 3,120 --a------ c:\windows\system32\ICAutoUpdate.log.bak
2009-01-22 13:38 . 2009-01-22 13:38 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2009-01-22 13:12 . 2009-01-22 13:12 <DIR> d-------- c:\programme\Gemeinsame Dateien\PCSuite
2009-01-22 13:12 . 2009-01-22 13:12 <DIR> d-------- c:\programme\Gemeinsame Dateien\Nokia
2009-01-22 13:11 . 2009-01-22 13:11 <DIR> d-------- c:\programme\PC Connectivity Solution
2009-01-22 13:11 . 2008-12-05 09:05 190,706 --a------ c:\windows\system32\nvapps.nvb
2009-01-22 13:11 . 2009-02-20 09:54 53,912 --a------ c:\windows\system32\nvModes.dat
2009-01-22 12:50 . 2009-01-22 12:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-22 12:50 . 2009-01-22 12:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
2009-01-22 12:48 . 2007-09-15 09:40 1,450,856 --a------ c:\windows\system32\WdfCoinstaller01007.dll
2009-01-22 12:46 . 2009-01-22 12:46 <DIR> d-------- c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software
2009-01-22 12:46 . 2009-01-22 12:46 <DIR> d-------- c:\programme\Gemeinsame Dateien\SPBA
2009-01-22 01:02 . 2009-01-22 01:02 <DIR> d-------- c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Rockwell Software
2009-01-22 01:02 . 2009-02-21 12:47 <DIR> d-------- c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Move Networks
2009-01-22 00:11 . 2008-12-11 04:57 333,952 --a------ c:\windows\system32\dllcache\srv.sys
2009-01-22 00:10 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-22 00:10 . 2008-10-03 04:03 247,326 --a------ c:\windows\system32\dllcache\strmdll.dll
2009-01-22 00:09 . 2008-08-14 07:19 2,191,488 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-22 00:09 . 2008-08-14 07:19 2,147,840 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-22 00:09 . 2008-08-14 07:19 2,068,352 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-22 00:09 . 2008-08-14 07:19 2,026,496 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-22 00:09 . 2008-09-15 09:24 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-22 00:09 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-01-22 00:09 . 2008-10-15 10:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-22 00:05 . 2009-01-22 00:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-22 00:05 . 2009-01-22 00:05 73,728 --a------ c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 22:39 --------- d-----w c:\programme\Mozilla Thunderbird
2009-02-22 22:30 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Skype
2009-02-22 22:00 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\skypePM
2009-02-08 13:06 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-08 13:06 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-08 03:35 --------- d-----w c:\programme\Google
2009-01-31 07:29 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\gtk-2.0
2009-01-29 06:53 --------- d-----w c:\programme\Gemeinsame Dateien\Canon
2009-01-28 06:55 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\ZoomBrowser EX
2009-01-27 06:11 --------- d-----w c:\programme\Lenovo
2009-01-22 23:49 --------- d-----w c:\programme\Gemeinsame Dateien\Lenovo
2009-01-22 23:35 --------- d-----w c:\programme\PCDR5
2009-01-22 19:42 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys
2009-01-22 19:12 --------- d-----w c:\programme\Nokia
2009-01-22 19:09 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations
2009-01-22 19:03 --------- d-----w c:\programme\Apoint2K
2009-01-22 18:47 --------- d-----w c:\programme\ThinkVantage Fingerprint Software
2009-01-22 06:57 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Winamp
2009-01-22 06:05 --------- d-----w c:\programme\Java
2009-01-22 06:00 --------- d-----w c:\programme\HP
2009-01-22 05:57 --------- d-----w c:\programme\Gemeinsame Dateien\Apple
2009-01-22 05:05 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Lenovo
2009-01-22 05:05 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lenovo
2009-01-22 05:03 --------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\Lenovo
2009-01-22 05:03 --------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\InstallShield
2009-01-22 04:56 --------- d-----w c:\programme\Windows Media Connect 2
2009-01-22 04:56 --------- d-----w c:\programme\Windows Live Toolbar
2009-01-22 04:55 --------- d-----w c:\programme\Trillian
2009-01-22 04:55 --------- d-----w c:\programme\ThinkVantage
2009-01-22 04:55 --------- d-----w c:\programme\ThinkPad
2009-01-22 04:55 --------- d-----w c:\programme\SystemRequirementsLab
2009-01-22 04:55 --------- d-----w c:\programme\Sonic Icons for Lenovo
2009-01-22 04:55 --------- d-----w c:\programme\Sonic
2009-01-22 04:55 --------- d-----w c:\programme\QuickTime
2009-01-22 04:55 --------- d-----w c:\programme\Online-Dienste
2009-01-22 04:55 --------- d-----w c:\programme\NetWaiting
2009-01-22 04:55 --------- d-----w c:\programme\Multimedia Center for Think Offerings
2009-01-22 04:55 --------- d-----w c:\programme\MSECache
2009-01-22 04:55 --------- d-----r c:\programme\Skype
2009-01-22 04:54 --------- d-----w c:\programme\Microsoft.NET
2009-01-22 04:54 --------- d-----w c:\programme\microsoft frontpage
2009-01-22 04:54 --------- d-----w c:\programme\McAfee
2009-01-22 04:54 --------- d-----w c:\programme\Logitech
2009-01-22 04:54 --------- d-----w c:\programme\Lenovo Registration
2009-01-22 04:53 --------- d--h--w c:\programme\InstallShield Installation Information
2009-01-22 04:53 --------- d-----w c:\programme\Intel
2009-01-22 04:53 --------- d-----w c:\programme\gs
2009-01-22 04:51 --------- d-----w c:\programme\Analog Devices
2009-01-22 04:51 --------- d-----w c:\programme\7-Zip
2009-01-22 04:50 --------- d-----w c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Intel
2009-01-22 04:39 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Talkback
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\PC Suite
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\OfficeUpdate12
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Nokia
2008-08-24 17:02 32,768 --sh--w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-12 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-12 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2008-03-07 167936]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13549568]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-01 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]
"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 86016]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"nwiz"="nwiz.exe" [2008-12-05 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programme\Gemeinsame Dateien\logishrd\WUApp32.exe" [2008-02-05 439568]
c:\dokumente und einstellungen\Hermann Orth\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2008-08-24 50688]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-09-10 784912]
Mozilla Firefox.lnk - c:\programme\Mozilla Firefox\firefox.exe [2008-08-24 307712]
Mozilla Thunderbird.lnk - c:\programme\Mozilla Thunderbird\thunderbird.exe [2008-08-24 8504936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-21 00:35 95496 c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\programme\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 19:14 28672 c:\programme\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-10-27 09:57 32768 c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-08-24 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-08-24 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-08-24 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-05-09 46144]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-21 12560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 37312]
.
Contents of the 'Scheduled Tasks' folder
2009-02-22 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 07:54]
2009-01-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2008-10-31 12:14]
2009-02-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-04-12 10:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Mozilla\Firefox\Profiles\2m51y7ki.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.faz.net/s/homepage.html
FF - component: c:\programme\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Mozilla\Firefox\Profiles\2m51y7ki.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 16:40:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~�*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1568)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\vti.dll
- - - - - - - > 'lsass.exe'(1624)
c:\programme\ThinkPad\ConnectUtilities\ACGina.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACON.dll
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programme\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\McAfee\Common Framework\FrameworkService.exe
c:\programme\McAfee\VirusScan Enterprise\Mcshield.exe
c:\programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\McAfee\Common Framework\naPrdMgr.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Lenovo\System Update\SUService.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\ZOOM\TpScrex.exe
c:\programme\Apoint2K\ApMsgFwd.exe
c:\programme\Apoint2K\ApntEx.exe
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programme\McAfee\Common Framework\Mctray.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
.
**************************************************************************
.
Completion time: 2009-02-22 16:42:22 - machine was rebooted [Hermann Orth]
ComboFix-quarantined-files.txt 2009-02-22 22:42:19
Pre-Run: 21 Verzeichnis(se), 48.758.591.488 Bytes frei
Post-Run: 21 Verzeichnis(se), 48,766,660,608 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
328 --- E O F --- 2009-01-22 18:23:48
Step 1
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\WINDOWS\system32\b7bc1cd3-.txt
c:\windows\tgytmkkl
c:\windows\x
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-?|˜˜˜˜Ï�?|—�6~�*]
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Combofix Log
Kaspersky Log
How are things running now ?
----------------------------------------------------------- -----------------------------------------------------------
Additional Notes
Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
There is a newer version of Adobe Acrobat Reader available.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
When the installation is complete go to Add/Remove Programs and uninstall the following ( if still there )
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2 - Deutsch
J2SE Runtime Environment 5.0 Update 6
hermannworth
2009-02-23, 18:21
I think I am lacking some character encoding mapds on my machine - the lne I am supposed to post ends in what I assume is nonsense. Here is a screenshot of how it looks.
http://picasaweb.google.com/lh/photo/3rCcn16C4EufAWKijJ-sTA?feat=directlink
Do I need to install anything do get this working?
hermannworth
2009-02-23, 18:22
The img link didnt work so here is the direct link to the pic
http://picasaweb.google.com/lh/photo/3rCcn16C4EufAWKijJ-sTA?feat=directlink
That's fine,
just drag the CFscript.txt on to Combofix,
The Cat will know how to eat it :)
hermannworth
2009-02-24, 05:51
Yep, the cat ate it and then we both waited for the scanner ;)
It seems I have tons of malware on my machine..
CF Log:
ComboFix 09-02-21.01 - Hermann Orth 2009-02-23 18:01:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.2046.1506 [GMT -6:00]
Running from: c:\dokumente und einstellungen\Hermann Orth\Eigene Dateien\Programme\ComboFix.exe
Command switches used :: c:\dokumente und einstellungen\Hermann Orth\Eigene Dateien\Programme\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\b7bc1cd3-.txt
c:\windows\tgytmkkl
c:\windows\x
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\b7bc1cd3-.txt
c:\windows\tgytmkkl
c:\windows\x
.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-22 15:49 . 2009-02-22 15:49 <DIR> d-------- C:\rsit
2009-02-10 00:20 . 2009-02-10 00:20 <DIR> d-------- c:\programme\ERUNT
2009-02-10 00:02 . 2009-02-10 00:02 <DIR> d-------- c:\programme\Trend Micro
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Malwarebytes
2009-02-09 23:54 . 2009-02-09 23:54 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-02-09 23:54 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 23:54 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 23:45 . 2009-02-23 18:09 3,420 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-02-09 23:40 . 2009-02-23 18:06 53,912 --a------ c:\windows\system32\nvModes.001
2009-02-09 23:40 . 2009-02-23 18:06 2,148 --a------ c:\windows\system32\wpa.dbl
2009-02-09 22:15 . 2009-02-09 23:29 <DIR> d-------- C:\QUARANTINE
2009-02-07 21:36 . 2009-02-07 21:36 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-27 08:59 . 2009-01-27 08:59 <DIR> d-------- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avaya
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 00:07 --------- d-----w c:\programme\Mozilla Thunderbird
2009-02-22 22:30 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Skype
2009-02-22 22:00 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\skypePM
2009-02-21 18:47 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Move Networks
2009-02-08 13:06 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-08 13:06 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-08 03:35 --------- d-----w c:\programme\Google
2009-01-31 07:29 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\gtk-2.0
2009-01-29 06:53 --------- d-----w c:\programme\Gemeinsame Dateien\Canon
2009-01-28 06:55 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\ZoomBrowser EX
2009-01-27 06:11 --------- d-----w c:\programme\Lenovo
2009-01-22 23:49 --------- d-----w c:\programme\Gemeinsame Dateien\Lenovo
2009-01-22 23:35 --------- d-----w c:\programme\PCDR5
2009-01-22 19:42 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys
2009-01-22 19:38 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2009-01-22 19:12 --------- d-----w c:\programme\Nokia
2009-01-22 19:12 --------- d-----w c:\programme\Gemeinsame Dateien\PCSuite
2009-01-22 19:12 --------- d-----w c:\programme\Gemeinsame Dateien\Nokia
2009-01-22 19:11 --------- d-----w c:\programme\PC Connectivity Solution
2009-01-22 19:09 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations
2009-01-22 19:03 --------- d-----w c:\programme\Apoint2K
2009-01-22 18:50 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-22 18:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
2009-01-22 18:47 --------- d-----w c:\programme\ThinkVantage Fingerprint Software
2009-01-22 18:46 --------- d-----w c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software
2009-01-22 18:46 --------- d-----w c:\programme\Gemeinsame Dateien\SPBA
2009-01-22 07:02 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Rockwell Software
2009-01-22 06:57 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Winamp
2009-01-22 06:05 --------- d-----w c:\programme\Java
2009-01-22 06:00 --------- d-----w c:\programme\HP
2009-01-22 05:57 --------- d-----w c:\programme\Gemeinsame Dateien\Apple
2009-01-22 05:05 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Lenovo
2009-01-22 05:05 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lenovo
2009-01-22 05:03 --------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\Lenovo
2009-01-22 05:03 --------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\InstallShield
2009-01-22 04:56 --------- d-----w c:\programme\Windows Media Connect 2
2009-01-22 04:56 --------- d-----w c:\programme\Windows Live Toolbar
2009-01-22 04:55 --------- d-----w c:\programme\Trillian
2009-01-22 04:55 --------- d-----w c:\programme\ThinkVantage
2009-01-22 04:55 --------- d-----w c:\programme\ThinkPad
2009-01-22 04:55 --------- d-----w c:\programme\SystemRequirementsLab
2009-01-22 04:55 --------- d-----w c:\programme\Sonic Icons for Lenovo
2009-01-22 04:55 --------- d-----w c:\programme\Sonic
2009-01-22 04:55 --------- d-----w c:\programme\QuickTime
2009-01-22 04:55 --------- d-----w c:\programme\Online-Dienste
2009-01-22 04:55 --------- d-----w c:\programme\NetWaiting
2009-01-22 04:55 --------- d-----w c:\programme\Multimedia Center for Think Offerings
2009-01-22 04:55 --------- d-----w c:\programme\MSECache
2009-01-22 04:55 --------- d-----r c:\programme\Skype
2009-01-22 04:54 --------- d-----w c:\programme\Microsoft.NET
2009-01-22 04:54 --------- d-----w c:\programme\microsoft frontpage
2009-01-22 04:54 --------- d-----w c:\programme\McAfee
2009-01-22 04:54 --------- d-----w c:\programme\Logitech
2009-01-22 04:54 --------- d-----w c:\programme\Lenovo Registration
2009-01-22 04:53 --------- d--h--w c:\programme\InstallShield Installation Information
2009-01-22 04:53 --------- d-----w c:\programme\Intel
2009-01-22 04:53 --------- d-----w c:\programme\gs
2009-01-22 04:51 --------- d-----w c:\programme\Analog Devices
2009-01-22 04:51 --------- d-----w c:\programme\7-Zip
2009-01-22 04:50 --------- d-----w c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Intel
2009-01-22 04:39 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Talkback
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\PC Suite
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\OfficeUpdate12
2009-01-22 04:37 --------- d-----w c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Nokia
2008-08-24 17:02 32,768 --sh--w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_16.41.45.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-23\ERDNT.EXE
+ 2009-02-24 00:07:15 2,818,048 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-23\Users\00000001\NTUSER.DAT
+ 2009-02-24 00:07:15 196,608 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-23\Users\00000002\UsrClass.dat
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\23.02.2009\ERDNT.EXE
+ 2009-02-23 06:40:08 2,818,048 ----a-w c:\windows\ERDNT\AutoBackup\23.02.2009\Users\00000001\NTUSER.DAT
+ 2009-02-23 06:40:08 196,608 ----a-w c:\windows\ERDNT\AutoBackup\23.02.2009\Users\00000002\UsrClass.dat
- 2005-05-05 09:41:06 1,077,312 ------w c:\windows\Help\SBSI\Training\orun32.exe
+ 2006-08-21 22:02:24 1,077,321 ------w c:\windows\Help\SBSI\Training\orun32.exe
+ 2008-10-16 20:04:07 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:04:07 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:04:07 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:04:08 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:04:08 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:10:46 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:04:08 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:04:08 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:04:09 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:04:09 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:04:12 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:04:12 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:04:12 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:04:13 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:04:14 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:04:14 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:36:44 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:04:17 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:04:17 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:04:18 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:04:18 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:04:18 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:14:17 217,312 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:04:18 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:04:19 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:04:19 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:04:20 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:04:07 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:30:52 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:04:07 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:30:52 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:04:07 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:30:52 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:04:07 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:30:52 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:04:08 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:30:52 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:04:08 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:30:52 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:10:46 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:09:51 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:04:08 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:30:53 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:04:08 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:30:53 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:04:09 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:30:53 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:04:09 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:30:54 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:04:12 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:30:57 6,066,688 ----a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:04:12 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:30:57 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:04:12 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:30:58 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:04:13 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:30:59 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:04:14 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:31:00 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:04:14 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:31:00 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:36:44 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 03:01:34 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:04:17 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:31:05 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:04:17 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:31:05 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:04:18 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:31:06 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:04:18 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:31:06 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:04:18 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:31:06 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:04:18 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:31:06 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:04:19 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:31:07 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:04:19 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:31:08 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:04:20 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:31:09 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:04:07 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:30:52 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:04:07 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:30:52 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:04:08 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:30:52 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2009-02-21 14:55:46 131,688 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-24 00:05:09 131,688 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-16 20:04:08 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:30:52 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:10:46 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:09:51 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:04:08 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:30:53 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:04:08 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:30:53 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:04:09 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:30:53 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:04:09 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:30:54 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:04:12 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:30:57 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:04:12 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:30:57 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:04:12 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:30:58 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:04:13 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:30:59 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2009-01-09 23:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:04:14 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:31:00 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:04:14 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:31:00 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:36:44 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 03:01:34 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:04:17 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:31:05 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:04:17 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 22:31:05 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:04:18 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 22:31:06 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:04:18 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:31:06 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:04:18 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:31:06 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:14 18,808 ----a-w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:37:05 18,808 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:04:18 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:31:06 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:04:19 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:31:07 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:04:19 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:31:08 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:04:20 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 22:31:09 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-24 00:05:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_424.dat
+ 2009-02-24 00:05:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-12 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-12 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2008-03-07 167936]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13549568]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-01 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]
"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 86016]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"nwiz"="nwiz.exe" [2008-12-05 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programme\Gemeinsame Dateien\logishrd\WUApp32.exe" [2008-02-05 439568]
c:\dokumente und einstellungen\Hermann Orth\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2008-08-24 50688]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-09-10 784912]
Mozilla Firefox.lnk - c:\programme\Mozilla Firefox\firefox.exe [2008-08-24 307712]
Mozilla Thunderbird.lnk - c:\programme\Mozilla Thunderbird\thunderbird.exe [2008-08-24 8504936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-21 00:35 95496 c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\programme\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 19:14 28672 c:\programme\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-10-27 09:57 32768 c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-08-24 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-08-24 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-08-24 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-05-09 46144]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-21 12560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 37312]
.
Contents of the 'Scheduled Tasks' folder
2009-02-24 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 07:54]
2009-01-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2008-10-31 12:14]
2009-02-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-04-12 10:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Mozilla\Firefox\Profiles\2m51y7ki.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.faz.net/s/homepage.html
FF - component: c:\programme\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\dokumente und einstellungen\Hermann Orth\Anwendungsdaten\Mozilla\Firefox\Profiles\2m51y7ki.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:12:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~�*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1408)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\vti.dll
- - - - - - - > 'lsass.exe'(1464)
c:\programme\ThinkPad\ConnectUtilities\ACGina.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACON.dll
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programme\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\McAfee\Common Framework\FrameworkService.exe
c:\programme\McAfee\VirusScan Enterprise\Mcshield.exe
c:\programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\McAfee\Common Framework\naPrdMgr.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Lenovo\System Update\SUService.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\ZOOM\TpScrex.exe
c:\programme\Apoint2K\ApMsgFwd.exe
c:\programme\Apoint2K\ApntEx.exe
c:\programme\McAfee\Common Framework\Mctray.exe
c:\windows\system32\rundll32.exe
c:\programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
.
**************************************************************************
.
Completion time: 2009-02-23 18:13:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 00:13:51
ComboFix2.txt 2009-02-22 22:42:24
Pre-Run: 21 Verzeichnis(se), 48.570.122.240 Bytes frei
Post-Run: 21 Verzeichnis(se), 48,520,757,248 Bytes frei
475 --- E O F --- 2009-02-23 15:35:17
Kapersky Log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 24, 2009 02:13:50
Records in database: 1836499
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 75007
Threat name: 14
Infected objects: 94
Suspicious objects: 2
Duration of the scan: 01:52:32
File name / Threat name / Threats count
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9\46b81009-37271404 Infected: Exploit.Java.Gimsh.a 1
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5286af48-53a817fc.zip Infected: Exploit.Java.Gimsh.a 1
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Suspicious: Exploit.HTML.Iframe.FileDownload 2
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Klez.h 1
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Dumaru.a 3
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.NetSky.c 3
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.NetSky.z 48
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.NetSky.q 2
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.NetSky.d 10
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Sober.g 6
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.NetSky.b 12
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Bagle.g 1
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Bagle.z 3
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Sober.i 1
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Thunderbird\Profiles\1gbpap86.default\Mail\pop.mail.yahoo.com\Inbox Infected: Email-Worm.Win32.Warezov.pk 2
The selected area was scanned.
Information
Nothing too dramatic showing there, mainly infected E-Mails in your Thunderbird Inbox. Empty your Inbox of all the mail you don't need and run the scan again.
----------------------------------------------------------- -----------------------------------------------------------
Step 1
OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Files
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi
:Commands
[Purity]
[EmptyTemp]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
There is a newer version of Adobe Acrobat Reader available.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
When the installation is complete go to Add/Remove Programs and uninstall all previous versions.
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Remove Programs
Older versions of some programs have vulnerabilities that malware can use to infect your system.
Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2 - Deutsch
J2SE Runtime Environment 5.0 Update 6
Now close the Control Panel.
----------------------------------------------------------- -----------------------------------------------------------
Step 4
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
OTMI Log
A fresh RSIT log
How are things running now ?
hermannworth
2009-02-24, 23:17
Installed the new Adobe Reader but could not find the older version in the Add/Remove Programs - I assume the new version took care of it?
RSIT does not give me the info file after it ran through. I tried downloading it again and restarting the computer, didnt help.
I tried around a bit and some of my Google searches still get redicrected when I click the link. The site I get to is always different and after the 5th or so click on the link I get where it actually pointed, ater which the does not get redirected again (tried 10 more clicks or so). I noticed a site http://clickfraudmanager.com in the the statusbar upon clicking before redirection. Overall it seems that I encounter less redirections.
Here are the logs from OTMI and the RSIT log:
OTMI Log
========== PROCESSES ==========
========== FILES ==========
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59\252441bb-776d6879-n moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55\35fdae37-1d66194a-n moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\5e8cbb75-1fd4d729-n moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11\4b13650b-65c44293-n moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10\6bc65f4a-6e7903f6-n moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\tmp moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\ext moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0 moved successfully.
C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Sun\Java\Deployment\cache\javapi moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\NAILogs\UpdaterUI_ORTH.log scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\etilqs_sd7T1Yx2FAHLOrilkZYs scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\etilqs_sd7T1Yx2FAHLOrilkZYs-journal scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\~DF92C8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_424.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1D5.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_153518
Files moved on Reboot...
C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\NAILogs\UpdaterUI_ORTH.log moved successfully.
File C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\etilqs_sd7T1Yx2FAHLOrilkZYs not found!
File C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\etilqs_sd7T1Yx2FAHLOrilkZYs-journal not found!
C:\DOKUME~1\HERMAN~1\LOKALE~1\Temp\~DF92C8.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_424.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat not found!
File C:\WINDOWS\temp\WFV1D5.tmp not found!
RSIT log
Logfile of random's system information tool 1.05 (written by random/random)
Run by Hermann Orth at 2009-02-24 15:59:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (42%) free of 109 GB
Total RAM: 2046 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:00, on 24.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\Common Framework\FrameworkService.exe
C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Apoint2K\ApMsgFwd.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programme\McAfee\Common Framework\McTray.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Lenovo\Client Security Solution\password_manager.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\Dokumente und Einstellungen\Hermann Orth\Eigene Dateien\Programme\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Hermann Orth.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programme\Gemeinsame Dateien\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219593051703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 14153 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\PMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-01 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2009-01-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Programme\McAfee\VirusScan Enterprise\scriptcl.dll [2008-01-24 66880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13 808248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"TPHOTKEY"=C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [2008-09-30 68976]
"Apoint"=C:\Programme\Apoint2K\Apoint.exe [2008-03-07 167936]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-05 13549568]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-14 487424]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-01 122940]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-09-01 165208]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2008-10-27 425984]
"ShStatEXE"=C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Programme\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-09-01 124248]
"cssauth"=C:\Programme\Lenovo\Client Security Solution\cssauth.exe [2008-06-13 3073336]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2008-07-22 357376]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2008-04-24 1036288]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-05 86016]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Mozilla Firefox.lnk - C:\Programme\Mozilla Firefox\firefox.exe
Mozilla Thunderbird.lnk - C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\Hermann Orth\Startmenü\Programme\Autostart
ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll [2008-10-27 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [2008-11-21 95496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Programme\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Programme\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina
psqlpwd
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\McAfee\Common Framework\FrameworkService.exe"="C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-02-24 15:35:25 ----SHD---- C:\RECYCLER
2009-02-24 15:35:18 ----D---- C:\_OTMoveIt
2009-02-23 22:57:28 ----D---- C:\Programme\Adobe
2009-02-23 18:13:55 ----A---- C:\ComboFix.txt
2009-02-23 09:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-02-23 09:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-22 16:32:33 ----A---- C:\Boot.bak
2009-02-22 16:32:24 ----RASHD---- C:\cmdcons
2009-02-22 16:31:26 ----A---- C:\WINDOWS\zip.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\VFIND.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\SWSC.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\SWREG.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\sed.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\grep.exe
2009-02-22 16:31:26 ----A---- C:\WINDOWS\fdsv.exe
2009-02-22 16:28:34 ----D---- C:\Qoobox
2009-02-22 15:49:04 ----D---- C:\rsit
2009-02-10 10:27:54 ----D---- C:\WINDOWS\ERDNT
2009-02-10 00:20:42 ----D---- C:\Programme\ERUNT
2009-02-10 00:02:50 ----D---- C:\Programme\Trend Micro
2009-02-09 23:54:19 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Malwarebytes
2009-02-09 23:54:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-02-09 23:54:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-02-09 23:45:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-02-09 22:29:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-09 22:15:39 ----D---- C:\QUARANTINE
2009-02-07 21:36:14 ----D---- C:\WINDOWS\system32\IOSUBSYS
======List of files/folders modified in the last 1 months======
2009-02-24 15:59:11 ----D---- C:\WINDOWS\Prefetch
2009-02-24 15:58:40 ----A---- C:\sysiclog.txt
2009-02-24 15:50:34 ----D---- C:\Programme\Mozilla Firefox
2009-02-24 15:45:07 ----D---- C:\WINDOWS
2009-02-24 15:42:34 ----D---- C:\WINDOWS\system32
2009-02-24 15:40:36 ----D---- C:\Programme\Mozilla Thunderbird
2009-02-24 15:39:34 ----D---- C:\WINDOWS\Temp
2009-02-24 15:38:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-24 15:38:22 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-02-24 15:37:52 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2009-02-24 15:37:47 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak
2009-02-24 15:37:45 ----SHD---- C:\Config.Msi
2009-02-24 15:36:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-24 15:28:58 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Skype
2009-02-23 23:00:20 ----SHD---- C:\WINDOWS\Installer
2009-02-23 22:58:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-02-23 22:57:54 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-02-23 22:57:28 ----RD---- C:\Programme
2009-02-23 22:57:17 ----D---- C:\WINDOWS\WinSxS
2009-02-23 20:29:00 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\skypePM
2009-02-23 18:13:57 ----D---- C:\WINDOWS\system32\drivers
2009-02-23 18:12:04 ----A---- C:\WINDOWS\system.ini
2009-02-23 18:03:56 ----D---- C:\WINDOWS\system32\config
2009-02-23 18:03:10 ----D---- C:\WINDOWS\AppPatch
2009-02-23 18:03:08 ----D---- C:\Programme\Gemeinsame Dateien
2009-02-23 10:51:10 ----HD---- C:\WINDOWS\inf
2009-02-23 09:33:37 ----A---- C:\WINDOWS\imsins.BAK
2009-02-23 09:33:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-23 09:33:11 ----SHD---- C:\WINDOWS\system32\dllcache
2009-02-23 09:33:09 ----D---- C:\Programme\Internet Explorer
2009-02-22 16:34:27 ----SD---- C:\WINDOWS\Tasks
2009-02-22 16:32:33 ----RASH---- C:\boot.ini
2009-02-22 00:00:48 ----D---- C:\SWSHARE
2009-02-21 12:47:52 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\Move Networks
2009-02-11 22:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-09 23:35:35 ----D---- C:\Icons
2009-02-07 21:35:59 ----D---- C:\Programme\Google
2009-01-31 01:29:33 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\gtk-2.0
2009-01-29 00:53:47 ----D---- C:\Programme\Gemeinsame Dateien\Canon
2009-01-28 00:55:06 ----D---- C:\Dokumente und Einstellungen\Hermann Orth\Anwendungsdaten\ZoomBrowser EX
2009-01-27 00:16:38 ----RSD---- C:\WINDOWS\assembly
2009-01-27 00:11:18 ----D---- C:\Programme\Lenovo
2009-01-26 23:46:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-26 23:35:52 ----A---- C:\TPHKLOCK.TXT
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-10-24 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R1 mferkdk;VSCore mferkdk; \??\C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-04-12 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-07-11 46144]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-24 21393]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-01 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-01 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-01 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-01-22 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-01-02 252048]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-29 2206976]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-05 6620096]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-08-24 30144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-08-08 50704]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2007-09-15 501800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-02-05 23832]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-05 628760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-02-05 41752]
S3 LVUVC;Logitech QuickCam S5500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-02-05 4658456]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-10-27 90112]
R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2008-10-27 217088]
R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-29 108080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 McAfeeFramework;McAfee Framework Service; C:\Programme\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-01-24 54608]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-05 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040]
R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2008-05-16 32768]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2008-06-13 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TSSCoreService;TSS Core Service; C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-13 779576]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-14 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2008-05-14 1155072]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R2 tvtnetwk;tvtnetwk; C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-02-08 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
-----------------EOF-----------------
Please download GooredFix (http://jpshortstuff.247fixes.com/GooredFix.exe) and save it to your Desktop.
Double-click Goored.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.
hermannworth
2009-02-26, 05:39
So it seems something installed itself as extension?
About the infected stuff in my mailbox. I deleted all mail in the infected folder, but kapersky finds the same results, plus I notices size of the inbox file did not decrease although thunderbird now shows it to be emtpy..
Here is the log from Goored.
GooredFix v1.91 by jpshortstuff
Log created at 22:10 on 25/02/2009 running Option #1 (Hermann Orth)
Firefox version 3.0.1 (de)
=====Suspect Goored Entries=====
C:\Programme\Mozilla Firefox\extensions\{0CE9C79C-AC62-4A63-8216-45B278308043}
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.1\extensions]
"Plugins"="C:\Programme\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.1\extensions]
"Components"="C:\Programme\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"bkmrksync@nokia.com"="C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Programme\Java\jre6\lib\deploy\jqs\ff"
RE. E-mail ...
Did you empty the deleted folder as well ?
Please run Goored.exe again, this time select option 2 and then type Y at the prompt.
Try Google again, and see if it is OK now.
hermannworth
2009-02-27, 07:13
For the Email: Had to delte Inbox.msf and let it be recreated by TB.
Tried a number of Google searches and all links went where they should go. Ill keep an eye on this.
Thanks! Is my system clean now?
Here is the Goored Log in case you want another look:
GooredFix v1.91 by jpshortstuff
Log created at 00:09 on 27/02/2009 running Option #2 (Hermann Orth)
Firefox version 3.0.1 (de)
=====Goored Deletions=====
C:\Programme\Mozilla Firefox\extensions\{0CE9C79C-AC62-4A63-8216-45B278308043}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.1\extensions]
"Plugins"="C:\Programme\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.1\extensions]
"Components"="C:\Programme\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"bkmrksync@nokia.com"="C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Programme\Java\jre6\lib\deploy\jqs\ff"
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Please delete RSIT.exe, Gooredfix.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Uninstall OTMoveIt
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
hermannworth
2009-02-28, 04:53
Thank you a lot for your help! You saved a great deal of trouble and time. I´ve already put some of the tools you recommend on and just to let you know, I´m about to make a donation :)
just to let you know, I´m about to make a donation :)
Much appreciated :D:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.