funnybone

Hello Maurice, thanks for help, Note: for file extra.txt i have to click extra-registry - use SafeList checkbox here OTL files: with best regards funnybone OTL_20120825b.Txt Extras_20120825b.Txt

Hello Maurice avast antivir deactivated windows defender deactivated the Scan of this Website http://quickscan.bitdefender.com with IE 9 was running only with IE-addons, (otherwise no reaction by clicking start now button) I got following result: Herzlichen Glückwunsch! Es wurden keine Infektionen gefunden. Testen Sie den Testsieger: Bitdefender Internet Security 2013 Good news! We found no active infections on your PC Keep it clean with Bitdefender Internet Security 2013! id did not find a viewLog button. avast antivir activated windows defender activated sinscerly funnybonr

Hallo Maurice I tested, i am sorry the ie9 always have hiccough at different time intervals there are suddenly after 10 minutes ... (i have opened two Internet Explorer with some tabs) more message on the screen "Internet Explorer has stopped working - close program" and then i got at most tabs, for example before http://www.eset.com/home/products/online-scanner after res://ieframe.dll/acr_error.htm#http://www.eset.com/home/products/online-scanner,http://www.eset.com/home/products/online-scanner Do you have an Idea? funnybone

hi Maurice thanks for help avast antivir deactivated windows defender deactivated ESET-OnlinScanner used duration 4 Hrs log: 1 files infected 1 file moved in quarantine found this - (never used FreeVideoConverter.exe) and moved in quarantine: Favorites\software\softonic.de\videoconverter\Koyote Free Video Converter_2.7\setup_FreeVideoConverter.exe (I uninstalled ESET-onlinescanner (by clicking uninstall checkbox) so i missed the file C:\Program Files\ESET\ESET Online Scanner\log.txt, sorry) avast antivir activated windows defender activated If needed, I can repeat. best regards funnybone

Hallo Maurice, the program http://www.eset.com/onlinescan/ found Windows Defender i will start to disable and i got this message: Fehler bei Anwendungsinitialisierung 0x8001006ba. Der Dienst dieses Programms wurde aufgrund eines Problems angehalten. Führen Sie zum Start des Dienstes einen Neustart des Computers aus, oder suchen Sie unter Hilfe und Support Informatonen zu manuellen Start dieses Dienstes. Error in application initialization 0x8001006ba. The service of this program was stopped due to a problem. Run to start the service, restart your computer, or search Help and Support informaton to manually start the service. Notebook was restartet. Can I continue? ..

Hello Maurice I found in c:/users/user_1/DoctorWeb/Quarantine otl.exe pwdspy.exe I found in c:/users/user_1/DoctorWeb CureIt.log: OTL.exe infiziert mit Trojan.Siggen4.8915 nicht desinfizierbar pwdspy.exe ... C:\windows\System32\sc.exe gepackt von FLY-CODE >C:\windows\System32\sc.exe OK C:\windows\System32\SCP32.DLL gepackt von FLY-CODE >C:\windows\System32\SCP32.DLL OK and more ...

Hello Maurice Dr.Web CureIt finshed yet after 12 hrs found only 2 infected files otl.exe from oldtimer i found before i found malwarebytes.org sorry and some like passwordspy, i never used o this notebook i got it before 2006 i got bluescreen bofore saving: "Save the report to your desktop. The report will be called DrWeb.csv" notebook runs shell i repeat Dr.Web CureIt ?

Hello Maurice SystemLook operation done thanks funnybone SystemLook.txt

hello maurice, combofix done i am happy that notebook runs I am glad to present the log.txt. i changed username in user_1 if you see C:\A that is from beginning as new notebook and vanishes sometimes perhaps we can find why this notebook is sometimes slowly can you see success? funnybone ComboFix 12-08-17.03 - user_1 18.08.2012 18:54:00.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.2038.880 [GMT 2:00] ausgeführt von:: c:\users\user_1\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\System c:\system\Flash_seltsam.jpg c:\users\user_1\Documents\DriveInfo.jpg c:\windows\system32\AF15BDAEX.dll c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . c:\windows\System32\sc.exe . . . ist infiziert!! ~emphasis added by moderator . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-18 bis 2012-08-18 )))))))))))))))))))))))))))))) . . 2012-08-18 17:42 . 2012-08-18 17:42 -------- d--h--we C:\A 2012-08-18 17:37 . 2012-08-18 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 22:21 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-08-14 22:21 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 22:20 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-14 22:20 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-14 22:20 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-14 22:20 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-14 22:20 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-14 17:34 . 2012-08-14 17:34 -------- d-----w- C:\found.002 2012-08-14 06:00 . 2012-08-14 16:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-12 12:18 . 2012-08-12 12:18 -------- d-----w- c:\program files\Common Files\Java 2012-08-12 12:17 . 2012-08-12 12:15 772592 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-12 12:14 . 2012-08-12 12:14 -------- d-----w- c:\program files\Java 2012-08-05 12:25 . 2012-08-05 12:35 -------- d-----w- c:\program files\trend micro 2012-08-05 12:25 . 2012-08-05 12:48 -------- d-----w- C:\rsit 2012-08-04 12:15 . 2012-08-04 12:15 -------- d-----w- C:\found.001 2012-08-04 10:34 . 2012-08-04 10:49 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-04 10:30 . 2012-08-04 10:30 -------- d-----w- c:\program files\ERUNT . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-14 21:45 . 2012-04-05 19:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-14 21:45 . 2011-06-18 07:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-12 12:15 . 2010-05-16 08:35 687600 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 16:21 . 2012-01-31 22:02 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-01-31 22:02 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-01-31 22:02 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-01-31 22:02 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2012-01-31 22:02 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-01-31 22:02 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-01-31 22:00 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-01-31 22:00 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-03 11:46 . 2012-07-08 09:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 22:19 . 2012-06-24 06:08 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 06:08 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 06:07 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 06:07 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-24 06:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-24 06:08 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-24 06:07 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-24 06:06 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-24 06:06 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2009-10-02 16:50 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-06-18 09:12 . 2012-01-03 04:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "NPDTRAY"="c:\progra~1\Lenovo\NPDIRECT\NPDTray.exe" [2007-11-29 218400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 214576] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176] "TpShocks"="TpShocks.exe" [2007-11-22 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248] "LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-03-06 458752] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-07 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-07 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-07 154136] "vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe" [2008-11-18 1199616] "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . c:\users\user_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] OneNote Inhaltsverzeichnis.onetoc2 [2009-7-14 3656] xampp-control.lnk - c:\xampplite\xampp-control.exe [2010-1-26 148112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:45] . 2012-08-18 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54] . 2012-08-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-21 04:27] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 11:59] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 11:59] . 2010-11-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46] . 2012-08-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 21:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\user_1\AppData\Roaming\Mozilla\Firefox\Profiles\e16jyvc0.default\ . . ************************************************************************** Scanne versteckte Prozesse... . c:\windows\System32\SearchProtocolHost.exe [5740] 0x849A57A0 . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020000}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4564) c:\windows\system32\btncopy.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll c:\program files\WinSCP\DragExt.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\System32\lpksetup.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\System32\TPHDEXLG.exe c:\program files\LENOVO\HOTKEY\TPHKSVC.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\lenovo\system update\suservice.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\TpShocks.exe c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\igfxsrvc.exe c:\program files\Lenovo\NPDIRECT\NPDTRAY.EXE c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe c:\windows\System32\wsqmcons.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-18 19:52:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-18 17:51 . Vor Suchlauf: 6.422.609.920 Bytes frei Nach Suchlauf: 5.928.927.232 Bytes frei . - - End Of File - - 91C5E48A20E5DAB9DD19B4531A654C1D

Hello Maurice sorry for question befor starting combofix: i found this link http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird http://www.bleepingcomputer.com/combofix/how-to-use-combofix i have disconnected the notebook from internet and i disabeled avast antivir and i can disable also windows firewall, shall I? thanks for the patience funnybone

Hello mauric, thanks for help: SecurityCehck is doing this i got some messages in the DOS-Box: C:\Windows\system32\sc.exe ist keine win32 Anwendung C:\Windows\system32\sc.exe is not a win32 application Datei ist gesperrt file is locked and here is the logfile, but what is the meaning of that? Windows Security Center service is not running! This report may not be accurate! I have combofix downloaded yet, I am starting soon funnybone Results of screen317's Security Check version 0.99.46 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.61.0.1400 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.3.300.271 Adobe Reader X 10.1.3 Adobe Reader out of Date! Mozilla Firefox 13.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Windows Defender MSASCui.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````

hello maurice yes do, (recommended i think? risk?) i checked out that ie browser is giving me hiccups often by microsoft-sites ... first at next i am doing Security Check one moment please ....

Dear Maurice ... here is a first abstract It could be indeed a internal problem with my notebook and malwarebytes, because i have a slowly notebook (i don't know why). I didn't found any other error except beeing slowly. Malwarebytes runs properly on other systems with xp and same antivirus scanner. so i forgot to deactivate the virus scanner But this notebook: scanning with malwarebytes in windows normal mode: Sometimes systems hangs only. Sometimes I got a bluescreen and dump message. I have to turn off and to turn on. After that by restart chkdsk is running. turn off avast antivirus: scanning with malwarebytes in windows normal mode: malwarebytes tells no response but nothing happens, notebook no response causes reboot Running in windows save mode: no problems. see above, first blog: avast antivir found nothing mbaw found in save mode infected files: 1 C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Successfully removed and placed in quarantine. This is only Internet Explorer: I watched that the errors occurs after 10 minutes res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de This is only Internet Explorer This error occured after standard windows update (automatic update)! and the message on the IE is "Internet Explorer has stopped working - close program" appears starting Internet Explorer with iexplore -extoff no problems seems to be some add-ons? Firefox runs properly. No other problems found yet. Word, excel, vnc, windows-mail runs properly sound ist properly. with best regards funnybone

hello Maurice the backup hd with docs, favorites, xmls, jpgs has been checked on a new clean isolatet PC with new malwarebytes and stinger look here http://downloads.netmediaeurope.de/2598/mcafee-fake-alert-avert-stinger-de0dqz/ NO INFECTED FILES FOUND The program tfc elapsed time was 3 hrs. I think my notebook is slow. java update ok adobereader update ok Using IE (only!) to http://support.microsoft.com/kb/923737 i got this error: When installing the package, an unexpected error has occurred. This may indicate a problem with this package. The error code is 2378 malwarebytes runs but hangs by searching in normal mode. At this point, I watched that the errors occurs after 10 minutes res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de here your link http://support.microsoft.com/kb/923737/de: and now my link in IE: res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#microsoft.com,http://support.microsoft.com/kb/923737/de sincerly funnybone

Hello Maurice and thanks very much for support. I was busy on job and so i am answering today. I am glad that the Notebook runs. I m using it as stand-alone pc only for look up. And files like emails, docs, xls and jpgs i saved meanwhile on an external hd. This hd i can also check with malwarebytes if it is recommended. In the last post i forgot to say, that the program Lenovo rescue and recovery was automatically started 2 times while booting and the notebeook was running properly after that, as i wrote. Unfortunately 1 times chkdsk was running after booting before I got support from you. and i don't know why. And chkdsk was also running after booting automatically by the last operation i wrote. Therefore I found 2 folders found.000 from July 11. and found.001 from August 04th. Both folders are empty I don't miss some files yet, but I am looking further. So i have to remove the bug with IE and perhaps something to get malwarebytes doesn't stop while running in search mode. In windows safe mode malwarebyte runs properly. I am using meanwhile firefox-browser. with very best regards gerd Logfile of random's system information tool 1.09 (written by random/random) Run by User_1 at 2012-08-05 14:35:16 Microsoft® Windows Vista™ Business Service Pack 2 System drive C: has 6 GB (4%) free of 146 GB Total RAM: 2038 MB (45% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:35:32, on 05.08.2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Windows\System32\TpShocks.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE C:\xampplite\xampp-control.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\Explorer.exe C:\Users\User_1\Downloads\RSIT.exe C:\Program Files\trend micro\User_1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OneNote Inhaltsverzeichnis.onetoc2 O4 - Startup: xampp-control.lnk = C:\xampplite\xampp-control.exe O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11891 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job C:\Windows\tasks\SystemToolsDailyTest.job =========Mozilla firefox========= ProfilePath - C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\e16jyvc0.default prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, LogMeInClient@logmein.com:1.0.0.652, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.270 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa2,version=2.0.0] "Description"=Picasa2 plugin "Path"=C:\Program Files\Picasa2\npPicasa2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll npdeployJava1.dll NPOFF12.DLL nppdf32.DEU nppdf32.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom-de.xml bing.xml eBay-de.xml google.xml leo_ende_de.xml wikipedia-de.xml yahoo-de.xml C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\e16jyvc0.default\extensions\ LogMeInClient@logmein.com {20a82645-c095-46ed-80e3-08825760534b} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-19 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-09 761840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-19 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09 795960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-11-29 59168] "PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [] "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog [] "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176] ""= [] "TpShocks"=C:\Windows\system32\TpShocks.exe [2007-11-22 181536] "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248] "LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [2007-09-25 28672] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424] "DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-11-15 217176] "AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688] "LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-04-26 120368] "AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2009-03-06 458752] "ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 419112] "ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 124200] "cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-08-09 2630968] "Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-10-07 150040] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-10-07 178712] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-10-07 154136] "vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [2008-11-18 1199616] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2009-11-24 93032] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "NPDTRAY"=C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe [2007-11-29 218400] C:\Users\User_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE OneNote Inhaltsverzeichnis.onetoc2 xampp-control.lnk - C:\xampplite\xampp-control.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-10-07 221184] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "MSVideo8"=VfWWDM32.dll "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux1"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-08-05 14:25:06 ----D---- C:\Program Files\trend micro 2012-08-05 14:25:04 ----D---- C:\rsit 2012-08-04 14:15:15 ----SHD---- C:\found.001 2012-08-04 12:34:53 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys 2012-08-04 12:32:01 ----D---- C:\Windows\ERDNT 2012-08-04 12:30:30 ----D---- C:\Program Files\ERUNT 2012-07-11 18:29:36 ----SHD---- C:\found.000 2012-07-08 13:15:15 ----A---- C:\Windows\ntbtlog.txt 2012-07-08 11:46:24 ----D---- C:\Users\User_1\AppData\Roaming\Malwarebytes 2012-07-08 11:46:11 ----D---- C:\ProgramData\Malwarebytes 2012-07-08 11:46:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-07-08 11:46:08 ----A---- C:\Windows\system32\drivers\mbam.sys 2012-07-06 23:38:15 ----D---- C:\HiJackThis ======List of files/folders modified in the last 1 month====== 2012-08-05 14:35:33 ----D---- C:\Windows\Temp 2012-08-05 14:25:19 ----D---- C:\Windows\Prefetch 2012-08-05 14:25:06 ----RD---- C:\Program Files 2012-08-05 09:22:33 ----SHD---- C:\System Volume Information 2012-08-04 17:21:43 ----D---- C:\Windows\system32\drivers 2012-08-04 15:31:46 ----D---- C:\Windows\system32\catroot2 2012-08-04 14:34:28 ----A---- C:\Windows\system32\PROCDB.INI 2012-08-04 14:32:23 ----D---- C:\Windows\System32 2012-08-04 14:32:23 ----A---- C:\Windows\system32\IPSCtrl.INI 2012-08-04 14:26:21 ----D---- C:\Windows\system32\CodeIntegrity 2012-08-04 12:46:53 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2012-08-04 12:32:01 ----D---- C:\Windows 2012-08-03 11:12:32 ----D---- C:\Program Files\PSPad 2012-08-03 10:50:31 ----SHD---- C:\Windows\Installer 2012-08-03 10:50:31 ----SHD---- C:\Config.Msi 2012-07-16 21:44:32 ----D---- C:\Users\User_1\AppData\Roaming\vlc 2012-07-13 20:19:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-07-11 07:29:01 ----D---- C:\Program Files\Microsoft Office 2012-07-10 20:52:07 ----D---- C:\ProgramData\Roxio 2012-07-08 13:28:47 ----D---- C:\Windows\Web 2012-07-08 11:46:11 ----HD---- C:\ProgramData 2012-07-07 14:41:49 ----D---- C:\Users\User_1\AppData\Roaming\eXPert PDF 6 2012-07-06 23:59:58 ----D---- C:\Windows\system32\Tasks 2012-07-06 22:06:51 ----D---- C:\Bilder 2012-07-06 19:47:39 ----D---- C:\Windows\Microsoft.NET 2012-07-06 19:47:35 ----RSD---- C:\Windows\assembly ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 DRVMCDB;DRVMCDB; C:\Windows\System32\Drivers\DRVMCDB.SYS [2007-03-12 99848] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872] R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2007-10-16 103472] R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-07-03 35928] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232] R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856] R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120] R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2007-12-06 12080] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656] R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2007-03-13 35064] R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2007-03-13 32472] R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2007-03-13 9400] R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2007-03-13 104824] R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2007-03-13 26744] R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2007-03-13 14520] R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2007-03-13 98104] R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2007-03-13 94648] R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 PROCDD;IPS-Helper-Treiber; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080] R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2008-08-21 33536] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-10 8704] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRTN32.sys [2009-06-22 486400] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-25 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-25 208384] R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472] R3 NETw4v32;Intel® Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 2219520] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-06-01 30144] R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-25 660480] S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2009-09-06 306816] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416] S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208] S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDARTN.sys [2007-04-27 215040] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2012-08-04 28488] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NETw3v32;Intel® PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 Tp4Track;PS/2 TrackPoint Driver; C:\Windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 91432] R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 206120] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-05-31 36400] R2 IPSSVC;IPS-Basisservice; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-09 644408] R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2007-10-16 37424] R2 TPHKSVC;Anzeige am Bildschirm; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-08-09 722232] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272] R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-10 386560] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 135664] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-09 194104] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-01-12 294912] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048] S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-26 135664] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-01-12 57344] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-22 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-30 73728] S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] S4 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] -----------------EOF----------------- info.txt

Dear Maurice Naggar i did point to point of your list to run ERUNT and mbam chameleon. and I got followoing messages: erunt all ok. Now I disabled the entivir-prgramm (avast/alwil) and in the black dos box of mbam chameleon mbam chameleon updated the database and the progam! but I got at last some strange messages: "windows defender doesn't run" " mbam-killer.exe damaged run chkdsk " and later engl. "firefox.exe damaged" (i hope i didn't forget to close firefox) so i had fear and I stopped the process, after restart and automatic repair from lenevo-repair (software from lenovo on hdd, perhaps second partition) - the notebook - i am glad - it runs again but mbam stops bei scan i have to reboot and after chdsk - the notebook - i am glad - it runs again firefox also runs again mbam also runs again but may stop by scans If have now updatet from mbam vers 1.61.0.1400 to vers 1.62.0.1300 Now the questions: are the messages ok? Whats about the chdsk-messages are these due of the trojan ore only hdd-erros? is it reasonable to run chameleon again? with best regards funnybone

dear Ladies and Gentlemen, I have on my notebook MS Vista business IE 9 and Firefox 13: i have (perhaps after OS-update?) following error: ieframe.dll.acr_error Internet Explorer I get often/always on IE 9 res://ieframe.dll/acr_error.htm#,URL before: http://about:Tabs http://google.de after, 5 minutes later res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de this sites have now the title "Failed to restore sites" and the message on the IE "Internet Explorer has stopped working - close program" appears Alwil (Avast) Antivir found nothing If you want I can log the HijackThis file (nothing found) MBAW crashes in normal mode MBAW, quickscan in safe mode hat found only this Infizierte Dateien: 1 C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. english: infected files: 1 C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Successfully removed and placed in quarantine. This notebook has no others problems. My other PC doesn't have any problem. I have added DDS.TXT and ATTACH.txt thanks very much, funnybone . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by user_1 at 10:49:01 on 2012-08-03 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.2038.902 [GMT 2:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\System32\TPHDEXLG.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Windows\System32\TpShocks.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE C:\xampplite\xampp-control.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\UI0Detect.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\Explorer.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uDefault_Page_URL = hxxp://lenovo.live.com BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [NPDTRAY] c:\progra~1\lenovo\npdirect\NPDTray.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt" mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe" mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [vspdfprsrv.exe] c:\program files\visagesoft\expert pdf 6\vspdfprsrv.exe --background mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\user_1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\user_1\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Inhaltsverzeichnis.onetoc2 StartupFolder: c:\users\user_1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xampp-~1.lnk - c:\xampplite\xampp-control.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DBE5A0B7-8ECC-47D5-9D47-83E967C4CB4B} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll LSA: Notification Packages = scecli ACGina . ================= FIREFOX =================== . FF - ProfilePath - c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\ FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\picasa3\npPicasa2.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll FF - plugin: c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\e16jyvc0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll . ============= SERVICES / DRIVERS =============== . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-1 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-1 353688] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-1 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-1 57656] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-1 44808] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-8-22 179712] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120] S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-10 23152] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-07-11 16:29:36 -------- d-sh--w- C:\found.000 2012-07-08 09:46:24 -------- d-----w- c:\users\user_1\appdata\roaming\Malwarebytes 2012-07-08 09:46:11 -------- d-----w- c:\programdata\Malwarebytes 2012-07-08 09:46:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-08 09:46:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-08 08:19:50 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c6196aa-b507-4081-b290-ec3796a4005b}\offreg.dll 2012-07-06 22:29:15 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c6196aa-b507-4081-b290-ec3796a4005b}\mpengine.dll 2012-07-06 21:38:15 -------- d-----w- C:\HiJackThis . ==================== Find3M ==================== . 2012-08-03 08:46:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-03 08:46:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 10:51:08,09 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Business Boot Device: \Device\HarddiskVolume2 Install Date: 21.08.2008 22:58:32 System Uptime: 03.08.2012 07:35:37 (3 hours ago) . Motherboard: LENOVO | | 7650F7G Processor: Intel® Pentium® Dual CPU T2410 @ 2.00GHz | None | 800/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 143 GiB total, 4,691 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun-Miniportadapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: PS/2 TrackPoint Device ID: ACPI\IBM3780\4&E8B9E42&0 Manufacturer: Lenovo Name: PS/2 TrackPoint PNP Device ID: ACPI\IBM3780\4&E8B9E42&0 Service: i8042prt . ==== System Restore Points =================== . RP971: 02.08.2012 22:29:33 - Geplanter Prüfpunkt . ==== Installed Programs ====================== . . Access Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.2.2 - Deutsch Anzeige am Bildschirm avast! Free Antivirus Client Security Solution Conexant HD Audio Diskeeper Home Drag-to-Disc Ergänzung zu Productivity Center für ThinkPad eXPert PDF 6 Garmin City Navigator Europe NT 2010.20 Update Google Earth Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP Help Center Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Integrated Camera Intel® Graphics Media Accelerator Driver InterVideo Register Manager InterVideo WinDVD Java Auto Updater Java™ 6 Update 2 Java™ 6 Update 31 Konfiguration der Hot-Key-Funktionen für ThinkPad Lenovo Registration Lenovo System Interface Driver Lenovo ThinkVantage Toolbox Maintenance Manager Malwarebytes Anti-Malware Version 1.61.0.1400 Message Center Message Center Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (German) 2007 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Miranda IM 0.8.15 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Multimedia Center For Think Offerings NinjaLite V1.9 Picasa 3 Präsentationsdirektor Registry patch for Windows Vista USB S3 PM Enablement Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista Registry patch to improve USB device detection on resume from sleep for Windows Vista Rescue and Recovery RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Skype™ 4.2 Sonic Icons for Lenovo System Migration Assistant System Update ThinkPad-Dienstprogramm 'EasyEject' ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 ThinkPad Energie-Manager ThinkPad FullScreen Magnifier ThinkPad Mobility Center Customization ThinkPad Power Management Driver ThinkPad TrackPoint Driver ThinkVantage Access Connections ThinkVantage Productivity Center ThinkVantage System für aktiven Festplattenschutz ThinkVantage Technologies Welcome Message Total Commander (Remove or Repair) uMedia uTV Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.1 Wallpapers Windows Driver Package - Broadcom (b57nd60x) Net (05/09/2007 10.39.0.0) Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002) Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) Windows Live Toolbar Windows Media Player Firefox Plugin WinSCP 4.1.6 . ==== End Of File ===========================

dear Ladies and Gentlemen, I have on my notebook MS Vista business IE 9 and Firefox 13: Before we beginn I would you know: Please give some short answers, first i'll got the overview: i have (perhaps after OS-update?) following error: ieframe.dll.acr_error Internet Explorer I get often/always on IE 9 res://ieframe.dll/acr_error.htm#,URL before: http://about:Tabs http://google.de after, 5 minutes later res://ieframe.dll/acr_error.htm#about:Tabs,http://about:Tabs res://ieframe.dll/acr_error.htm#google.de,http://google.de this sites have now the title "Failed to restore sites" and the message on the IE "Internet Explorer has stopped working - close program" appears Alwil (Avast) Antivir found nothing If you want I can log the HijackThis file (nothing found) MBAW crashes in normal mode MBAW, quickscan in safe mode hat found only this Infizierte Dateien: 1 C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. english: infected files: 1 C:\Windows\Temp\TMP00000004DD0CB990557B4247 (Trojan.Dropper) -> Successfully removed and placed in quarantine. This notebook has no others problems. My other PC doesn't have any problem. My ideas now: have I to run dds? see FAQ have I to run chameleon? see FAQ have I to run otl? and, If you can ... have I to change my passwords? can I use the files (jpgs, docs, xls, no OS-files) of the infected PC? perhaps i have to format the drive and setup a new OS? thanks very much, please, first I will get an overview. funnybone