50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet

Toff · 08.03.2012, 22:03

Hallo ihr,

ich habe das hier oft erwähnte Problem: bei Verbindung mit dem Internet kommt nach gewisser Zeit (oft gleich, manchmal auch erst nach 10 Minuten) ein schwarzer Bildschirm mit Zahlungsaufforderung ("WINDOWS GESPERRT etc.).

Ich brauche Hilfe! Ich bin alles andere als ein Experte.

Mein Betriebssystem ist XP Pro.

Der OTL-Scan sieht folgendermaßen aus:

Zitat:

OTL logfile created on: 08.03.2012 21:38:04 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dokumente und Einstellungen\toff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,45% Memory free
3,84 Gb Paging File | 3,30 Gb Available in Paging File | 85,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,98 Gb Total Space | 18,24 Gb Free Space | 35,09% Space Free | Partition Type: NTFS

Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.08 21:37:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
PRC - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 18:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.20 23:59:32 | 000,305,152 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\swriter.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006.01.31 22:19:26 | 000,409,600 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006.01.31 22:12:04 | 000,098,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005.12.21 18:13:20 | 002,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005.12.21 18:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005.11.15 13:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005.10.28 19:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2005.10.26 00:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005.09.15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005.08.01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

========== Modules (No Company Name) ==========

MOD - [2011.03.18 18:56:37 | 001,874,904 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.18 10:43:04 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.09.27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.01.31 22:24:24 | 000,413,696 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006.01.31 22:23:58 | 000,188,416 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006.01.31 22:23:24 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006.01.31 22:23:08 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006.01.31 22:22:56 | 000,499,712 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006.01.31 22:19:06 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006.01.31 22:14:36 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006.01.31 22:02:14 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006.01.31 22:00:02 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006.01.31 21:59:56 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006.01.31 21:59:50 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006.01.31 21:59:26 | 000,069,632 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006.01.25 01:03:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005.12.21 18:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005.12.21 18:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005.12.21 18:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005.12.21 18:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005.12.07 01:12:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005.12.07 01:12:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.17 02:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.08.05 21:22:58 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll
MOD - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005.08.01 17:32:36 | 000,147,456 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005.07.20 03:34:28 | 000,126,976 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005.07.05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005.06.30 03:54:50 | 000,180,224 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011.07.01 13:37:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 13:37:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.13 23:36:20 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005.12.21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005.12.07 01:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005.12.01 01:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005.11.30 01:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005.11.30 01:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.21 02:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005.11.15 13:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.11.01 14:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.11.01 14:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.07.07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.07.07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com/de/de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/de/de
IE - HKCU\..\SearchScopes,DefaultScope = Google
IE - HKCU\..\SearchScopes\Google: "URL" = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.lemonde.fr/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 11:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.04 11:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.09.14 23:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010.11.19 01:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Extensions
[2012.03.03 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Firefox\Profiles\xpd9hs47.default\extensions
[2011.03.24 22:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.04 11:41:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.24 23:00:39 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Activision Blizzard, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) - File not found
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.13 23:46:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.08 21:37:29 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.04 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.03.03 21:04:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.03.03 21:04:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.03.03 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2012.03.03 09:46:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\toff\Recent
[2012.03.02 23:32:08 | 000,057,344 | ---- | C] (Activision Blizzard, Inc.) -- C:\WINDOWS\System32\a.exe
[2012.02.22 12:04:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\toff\Startmenü\Programme\Verwaltung
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.08 21:40:59 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.08 21:37:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.08 21:32:10 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.03.08 21:32:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.08 21:20:27 | 000,000,122 | -H-- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\.~lock.Antrag Prüfungsausschuss.odt#
[2012.03.08 18:35:53 | 000,013,386 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\2012 Ermäßigungsantrag.pdf
[2012.03.08 18:22:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.04 18:22:01 | 000,011,244 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.03.03 18:00:13 | 000,009,570 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Vorlage Exzerpt.odt
[2012.03.02 23:32:09 | 000,057,344 | ---- | M] (Activision Blizzard, Inc.) -- C:\WINDOWS\System32\a.exe
[2012.03.01 17:01:07 | 000,012,427 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2012.02.16 14:35:40 | 000,008,839 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Semesterplan.ods
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.08 21:20:27 | 000,000,122 | -H-- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\.~lock.Antrag Prüfungsausschuss.odt#
[2012.03.08 18:35:52 | 000,013,386 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\2012 Ermäßigungsantrag.pdf
[2012.03.03 17:04:40 | 000,011,244 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.02.24 17:33:07 | 000,012,427 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2011.09.24 19:57:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010.12.25 14:31:24 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 23:35:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.11 23:35:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.11 23:35:11 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.11 23:35:11 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.11 23:35:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.09 19:25:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.14 00:06:48 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.11.14 00:03:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010.11.14 00:03:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010.11.14 00:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010.11.14 00:01:05 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2010.11.13 23:46:21 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.13 23:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.11.13 23:38:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.11.13 23:38:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.11.13 23:38:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.11.13 23:36:19 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.11.13 23:32:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.11.13 23:30:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.11.13 23:30:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.11.13 23:30:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.11.13 23:30:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.11.13 23:29:37 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010.11.13 23:29:18 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.13 23:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010.11.13 23:19:42 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010.11.13 23:18:34 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010.11.13 23:18:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010.09.27 11:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.09.27 10:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

< End of report >

Zitat:

OTL Extras logfile created on: 08.03.2012 21:38:04 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dokumente und Einstellungen\toff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,45% Memory free
3,84 Gb Paging File | 3,30 Gb Available in Paging File | 85,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,98 Gb Total Space | 18,24 Gb Free Space | 35,09% Space Free | Partition Type: NTFS

Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" "%1"
https [open] -- "C:\Programme\Opera\opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E5072660-B723-422B-BB74-EAA300BF716B}" = System Migration Assistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F6A04D96-C6D7-498C-9099-BCAD0D99778D}" = Diskeeper Lite
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup" = DivX-Setup
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad-Präsentationsdirektor
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.03.2012 05:55:38 | Computer Name = APFELMUS | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005:
InitEventCollector fail

Error - 03.03.2012 05:55:38 | Computer Name = APFELMUS | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten.

Error - 03.03.2012 05:55:40 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {66CDB13A-CCAE-42FE-B6DC-9B6E46740F59}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 05:55:45 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {7F81C6A6-C308-4160-B3B0-53EE3BA75EDA}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {60C3BB8D-993D-4A73-821B-7396CDB9514E}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005:
InitEventCollector fail

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten.

Error - 03.03.2012 06:04:16 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {F728A96B-E037-48CB-8934-515602961601}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:22 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {0F46B27C-8392-4F39-A91A-262B53D8D32B}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 07.03.2012 04:49:20 | Computer Name = APFELMUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tvtsched.exe, Version 3.0.9.0, fehlgeschlagenes
Modul tvtsched.exe, Version 3.0.9.0, Fehleradresse 0x00001ffa.

[ System Events ]
Error - 05.03.2012 07:59:56 | Computer Name = APFELMUS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0013029A488B wurde durch den DHCP-Server 132.230.201.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 06.03.2012 06:39:23 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 06.03.2012 15:08:07 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 06.03.2012 17:33:00 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 04:49:09 | Computer Name = APFELMUS | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 07.03.2012 04:50:55 | Computer Name = APFELMUS | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 07.03.2012 12:51:42 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 15:00:45 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 18:44:29 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 08.03.2012 16:20:11 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

< End of report >

Schonmal vielen Dank im Voraus für eure Antwort!

VG Toff

cosinus · 08.03.2012, 23:08

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Toff · 10.03.2012, 16:11

Hallo Arne,

sorry, hatte gestern keine Möglichkeit zu antworten. Ich habe versucht den abgesichterten Modus zu starten - funktioniert irgendwie allgemein nicht. Ich habe ein altes Think-Pad T 60; die haben da einen eigenen abgesichterten Think-Pad-Modus, hab ich den Eindruck, mit dem bekomme ich aber keine Internetverbindung. Vielleicht bin ich auch unfähig...

Seltsamerweise funktioniert das Internet gerade auch im Standart-Modus - es braucht wie gesagt immer unterschiedlich lang, bis ich den schwarzen Bildschirm mit der Zahlungsaufforderung sehe.

Ich bin mir deshalb auch sehr unsicher, wie drastisch mein Problem wirklich ist...

Viele Grüße

cosinus · 10.03.2012, 16:45

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Toff · 10.03.2012, 19:32

Hallo,

ich habe die Scans gemacht; hier erst das ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e8a6457747e3a247a5cefe4d579e1bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-10 06:18:07
# local_time=2012-03-10 07:18:07 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775145 100 93 728050 67937163 720805 0
# compatibility_mode=8192 67108863 100 0 3785 3785 0 0
# scanned=50971
# found=0
# cleaned=0
# scan_time=3144

Und zweitens das Malwarebytes-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.10.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
toff :: APFELMUS [Administrator]

10.03.2012 17:45:40
mbam-log-2012-03-10 (17-45-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227833
Laufzeit: 24 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeM (Trojan.VUPX.ABI2) -> Daten: C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Trojan.VUPX.ABI2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\a.exe (Trojan.VUPX.ABI2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Vielen Dank schonmal!!!

cosinus · 12.03.2012, 14:16

Funktioniert der normale Modus wieder?

Toff · 12.03.2012, 17:52

Ja, funktioniert prima.
Vielen herzlichen Dank für deine Hilfe!!!

Glaubst du, das ist ausreichend?

Darf ich dich noch mit einem kleinen Problem belasten? Meine Festplatte (50 Gigabyte glaube ich) zeigt mir an, dass 38 Gigabyte belegt seien. Wenn ich im Laufwerk selbst alle Inhalte zusammen markiere, kommt die Rechnung auf 12 Gigabyte, was mir auch wesentlich realistische erscheint, ich habe wirklich nicht viele Daten auf dem Rechner. Kann das ein Anzeigefehler sein...oder sonstwas, um das ich mir Sorgen machen müsste?

Wenn du dich für die Frage nicht zuständig fühlst oder keine Antwort parat hast, kein Problem! Ich bin schon glücklich, dass er wieder läuft.

Viele Grüße,
Toff

cosinus · 12.03.2012, 19:45

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Toff · 12.03.2012, 22:19

Gemacht, hier das log:

OTL

Code:

ATTFilter

OTL logfile created on: 12.03.2012 22:10:08 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Dokumente und Einstellungen\toff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,19% Memory free
3,84 Gb Paging File | 3,43 Gb Available in Paging File | 89,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,98 Gb Total Space | 18,01 Gb Free Space | 34,65% Space Free | Partition Type: NTFS
 
Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.12 22:09:11 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
PRC - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.27 11:00:18 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006.01.31 22:19:26 | 000,409,600 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006.01.31 22:12:04 | 000,098,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005.12.21 18:13:20 | 002,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005.12.21 18:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005.11.15 13:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005.10.26 00:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005.09.15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005.08.01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.09.27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.01.31 22:24:24 | 000,413,696 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006.01.31 22:23:58 | 000,188,416 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006.01.31 22:23:24 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006.01.31 22:23:08 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006.01.31 22:22:56 | 000,499,712 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006.01.31 22:19:06 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006.01.31 22:14:36 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006.01.31 22:02:14 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006.01.31 22:00:02 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006.01.31 21:59:56 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006.01.31 21:59:50 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006.01.31 21:59:26 | 000,069,632 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006.01.25 01:03:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005.12.21 18:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005.12.21 18:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005.12.21 18:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005.12.21 18:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005.12.07 01:12:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005.12.07 01:12:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.17 02:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll
MOD - [2005.08.05 21:22:58 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll
MOD - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005.08.01 17:32:36 | 000,147,456 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005.07.20 03:34:28 | 000,126,976 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005.07.05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005.06.30 03:54:50 | 000,180,224 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (PsaSrv)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.07.01 13:37:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 13:37:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.13 23:36:20 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005.12.21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005.12.07 01:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005.12.01 01:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005.11.30 01:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005.11.30 01:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.21 02:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005.11.15 13:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.11.01 14:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.11.01 14:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.07.07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.07.07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com/de/de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/de/de
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes\Google: "URL" = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.lemonde.fr/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 11:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.04 11:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.09.14 23:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.11.19 01:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Extensions
[2012.03.03 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Firefox\Profiles\xpd9hs47.default\extensions
[2011.03.24 22:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.04 11:41:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.24 23:00:39 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F44FC95-73F9-4895-B256-1BA0BA76AB38}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) -  File not found
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.13 23:46:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.12 22:09:06 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.10 18:22:37 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.10 17:43:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Malwarebytes
[2012.03.10 17:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.10 17:42:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.10 17:42:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.10 17:42:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.04 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.03.03 21:04:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.03.03 21:04:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.03.03 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2012.03.03 09:46:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\toff\Recent
[2012.02.22 12:04:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\toff\Startmenü\Programme\Verwaltung
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 22:12:57 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.12 22:09:11 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.12 22:07:43 | 000,010,996 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Muchemblet Société Policée.odt
[2012.03.12 20:03:53 | 001,064,521 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\johanna.jpg
[2012.03.12 13:21:50 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.03.12 13:21:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.12 13:20:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.11 19:25:54 | 000,011,545 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Linke Körperverhalten.odt
[2012.03.11 18:54:55 | 000,012,982 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Serna Der Adlige.odt
[2012.03.11 13:49:36 | 000,015,463 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Marraud Noblesse.odt
[2012.03.11 08:15:24 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.10 23:41:19 | 000,019,007 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\BENES.ODT
[2012.03.10 22:28:08 | 000,009,685 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Vorlage Exzerpt.odt
[2012.03.09 20:43:05 | 000,010,773 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Davetian Civility.odt
[2012.03.09 19:56:07 | 000,010,500 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Honnetete.odt
[2012.03.09 19:08:10 | 000,015,351 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Pompe Natürlichkeitsideal.odt
[2012.03.04 18:22:01 | 000,011,244 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.03.01 17:01:07 | 000,012,427 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2012.02.16 14:35:40 | 000,008,839 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Semesterplan.ods
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 21:29:06 | 000,010,996 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Muchemblet Société Policée.odt
[2012.03.12 20:03:52 | 001,064,521 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\johanna.jpg
[2012.03.11 18:56:32 | 000,011,545 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Linke Körperverhalten.odt
[2012.03.11 18:54:54 | 000,012,982 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Serna Der Adlige.odt
[2012.03.10 22:49:47 | 000,019,007 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\BENES.ODT
[2012.03.10 16:54:40 | 000,015,463 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Marraud Noblesse.odt
[2012.03.09 20:43:04 | 000,010,773 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Davetian Civility.odt
[2012.03.09 19:56:06 | 000,010,500 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Honnetete.odt
[2012.03.09 13:29:05 | 000,015,351 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Pompe Natürlichkeitsideal.odt
[2012.03.03 17:04:40 | 000,011,244 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.02.24 17:33:07 | 000,012,427 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2011.09.24 19:57:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010.12.25 14:31:24 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 23:35:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.11 23:35:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.11 23:35:11 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.11 23:35:11 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.11 23:35:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.09 19:25:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.14 00:06:48 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.11.14 00:03:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010.11.14 00:03:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010.11.14 00:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010.11.14 00:01:05 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2010.11.13 23:46:21 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.13 23:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.11.13 23:38:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.11.13 23:38:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.11.13 23:38:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.11.13 23:36:19 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.11.13 23:32:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.11.13 23:30:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.11.13 23:30:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.11.13 23:30:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.11.13 23:30:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.11.13 23:29:37 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010.11.13 23:29:18 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.13 23:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010.11.13 23:19:42 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010.11.13 23:18:34 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010.11.13 23:18:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010.09.27 11:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.09.27 10:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
 
========== LOP Check ==========
 
[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IBM
[2010.11.13 23:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage
[2010.11.13 23:28:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2012.03.03 15:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2011.05.20 18:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ThinkVantage
[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\IBM
[2010.11.13 23:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\ThinkVantage
[2010.11.13 23:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Lenovo
[2012.01.04 14:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DDMSettings
[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\IBM
[2012.03.10 20:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ICQ
[2010.11.18 10:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\OpenOffice.org
[2010.11.14 01:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Opera
[2011.10.26 09:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\stickies
[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ThinkVantage
[2011.07.12 21:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Thunderbird
[2012.03.12 22:12:57 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.30 22:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Adobe
[2010.11.14 01:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\AdobeUM
[2011.06.24 13:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Avira
[2012.01.04 14:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DDMSettings
[2012.01.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DivX
[2010.11.13 23:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Google
[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\IBM
[2012.03.10 20:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ICQ
[2004.08.10 13:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Identities
[2010.11.14 01:08:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Macromedia
[2012.03.10 17:43:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Malwarebytes
[2010.11.17 00:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Media Player Classic
[2011.07.16 18:28:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Microsoft
[2010.11.19 01:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla
[2010.11.18 10:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\OpenOffice.org
[2010.11.14 01:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Opera
[2012.03.12 20:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Skype
[2011.10.26 09:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\stickies
[2010.11.13 23:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Symantec
[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ThinkVantage
[2011.07.12 21:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Thunderbird
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005.04.01 19:33:14 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B0B3908F5432F9DBBCD83CA4C33F0D82 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.10 13:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.10 13:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.10 13:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >

cosinus · 12.03.2012, 22:34

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Toff · 12.03.2012, 23:02

Ja, ist mir klar, das muss ich wohl daher haben.

Und ja, natürlich hast du Recht.

Ich denke, man unterschätzt immer, dass das ganz konkret schaden kann (von einem moralischen und rechtlichen Standpunkt der Argumentation mal abgesehen).

cosinus · 13.03.2012, 16:34

Ja, lass einfach die Finger von diesen Seiten

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/de/de
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
O3 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) -  File not found
:Files
C:\Programme\TXJLkIgy*
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Toff · 13.03.2012, 20:36

Gemacht;

hier das log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe deleted successfully.
========== FILES ==========
C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: toff
->Temp folder emptied: 3947994 bytes
->Temporary Internet Files folder emptied: 14440060 bytes
->FireFox cache emptied: 49657916 bytes
->Opera cache emptied: 12034 bytes
->Flash cache emptied: 3593 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3401908 bytes
RecycleBin emptied: 13136192 bytes
 
Total Files Cleaned = 81,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.3 log created on 03132012_202600

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 13.03.2012, 20:37

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Toff · 13.03.2012, 20:54

Voilà:

Code:

ATTFilter

20:56:22.0281 2188	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
20:56:22.0484 2188	============================================================
20:56:22.0484 2188	Current date / time: 2012/03/13 20:56:22.0484
20:56:22.0484 2188	SystemInfo:
20:56:22.0484 2188	
20:56:22.0484 2188	OS Version: 5.1.2600 ServicePack: 2.0
20:56:22.0484 2188	Product type: Workstation
20:56:22.0484 2188	ComputerName: APFELMUS
20:56:22.0500 2188	UserName: toff
20:56:22.0500 2188	Windows directory: C:\WINDOWS
20:56:22.0500 2188	System windows directory: C:\WINDOWS
20:56:22.0500 2188	Processor architecture: Intel x86
20:56:22.0500 2188	Number of processors: 2
20:56:22.0500 2188	Page size: 0x1000
20:56:22.0500 2188	Boot type: Normal boot
20:56:22.0500 2188	============================================================
20:56:23.0531 2188	Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
20:56:23.0546 2188	\Device\Harddisk0\DR0:
20:56:23.0546 2188	MBR used
20:56:23.0546 2188	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x67F7061
20:56:23.0578 2188	Initialize success
20:56:23.0578 2188	============================================================
20:56:45.0421 2680	============================================================
20:56:45.0421 2680	Scan started
20:56:45.0421 2680	Mode: Manual; SigCheck; TDLFS; 
20:56:45.0421 2680	============================================================
20:56:46.0281 2680	Abiosdsk - ok
20:56:46.0375 2680	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:56:46.0640 2680	abp480n5 - ok
20:56:46.0687 2680	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
20:56:46.0890 2680	ac97intc - ok
20:56:46.0984 2680	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:56:47.0187 2680	ACPI - ok
20:56:47.0265 2680	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:56:47.0500 2680	ACPIEC - ok
20:56:47.0609 2680	ADIHdAudAddService (b7c4f2a40b7d2289eb944fff30f385ff) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:56:47.0625 2680	ADIHdAudAddService - ok
20:56:47.0671 2680	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:56:47.0875 2680	adpu160m - ok
20:56:47.0921 2680	AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
20:56:47.0953 2680	AEAudioService - ok
20:56:48.0031 2680	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
20:56:48.0593 2680	aec - ok
20:56:48.0687 2680	AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:56:48.0703 2680	AegisP ( UnsignedFile.Multi.Generic ) - warning
20:56:48.0703 2680	AegisP - detected UnsignedFile.Multi.Generic (1)
20:56:48.0828 2680	AFD             (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
20:56:48.0859 2680	AFD - ok
20:56:48.0921 2680	agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:56:49.0125 2680	agp440 - ok
20:56:49.0171 2680	agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:56:49.0375 2680	agpCPQ - ok
20:56:49.0437 2680	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:56:49.0578 2680	Aha154x - ok
20:56:49.0625 2680	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:56:49.0828 2680	aic78u2 - ok
20:56:49.0859 2680	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:56:50.0062 2680	aic78xx - ok
20:56:50.0125 2680	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:56:50.0343 2680	AliIde - ok
20:56:50.0484 2680	alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:56:50.0703 2680	alim1541 - ok
20:56:50.0750 2680	amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:56:50.0953 2680	amdagp - ok
20:56:51.0031 2680	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:56:51.0140 2680	amsint - ok
20:56:51.0203 2680	ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
20:56:51.0203 2680	ANC ( UnsignedFile.Multi.Generic ) - warning
20:56:51.0203 2680	ANC - detected UnsignedFile.Multi.Generic (1)
20:56:51.0250 2680	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:56:51.0453 2680	asc - ok
20:56:51.0500 2680	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:56:51.0625 2680	asc3350p - ok
20:56:51.0687 2680	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:56:51.0921 2680	asc3550 - ok
20:56:51.0984 2680	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:56:52.0171 2680	AsyncMac - ok
20:56:52.0250 2680	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:56:52.0437 2680	atapi - ok
20:56:52.0500 2680	Atdisk - ok
20:56:52.0546 2680	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:56:52.0765 2680	Atmarpc - ok
20:56:52.0812 2680	atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
20:56:52.0843 2680	atmeltpm - ok
20:56:52.0953 2680	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:56:53.0156 2680	audstub - ok
20:56:53.0328 2680	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:56:53.0343 2680	avgio - ok
20:56:53.0437 2680	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:56:53.0468 2680	avgntflt - ok
20:56:53.0515 2680	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:56:53.0531 2680	avipbb - ok
20:56:53.0625 2680	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:56:53.0812 2680	Beep - ok
20:56:53.0968 2680	BTKRNL          (7512c4f3f408dd9804500e275517a758) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:56:54.0078 2680	BTKRNL ( UnsignedFile.Multi.Generic ) - warning
20:56:54.0078 2680	BTKRNL - detected UnsignedFile.Multi.Generic (1)
20:56:54.0140 2680	BTWUSB          (eb68b380da558ba4f5d54519ec734dc9) C:\WINDOWS\system32\Drivers\btwusb.sys
20:56:54.0171 2680	BTWUSB ( UnsignedFile.Multi.Generic ) - warning
20:56:54.0171 2680	BTWUSB - detected UnsignedFile.Multi.Generic (1)
20:56:54.0265 2680	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:56:54.0468 2680	cbidf - ok
20:56:54.0515 2680	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:56:54.0703 2680	cbidf2k - ok
20:56:54.0781 2680	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:56:54.0921 2680	cd20xrnt - ok
20:56:54.0968 2680	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:56:55.0156 2680	Cdaudio - ok
20:56:55.0187 2680	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:56:55.0390 2680	Cdfs - ok
20:56:55.0468 2680	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:56:55.0671 2680	Cdrom - ok
20:56:55.0750 2680	Changer - ok
20:56:56.0125 2680	CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:56:56.0312 2680	CmBatt - ok
20:56:56.0406 2680	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:56:56.0609 2680	CmdIde - ok
20:56:56.0656 2680	Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:56:56.0843 2680	Compbatt - ok
20:56:56.0921 2680	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:56:57.0109 2680	Cpqarray - ok
20:56:57.0187 2680	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:56:57.0218 2680	CVirtA - ok
20:56:57.0312 2680	CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
20:56:57.0328 2680	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:56:57.0328 2680	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:56:57.0421 2680	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:56:57.0640 2680	dac2w2k - ok
20:56:57.0687 2680	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:56:57.0890 2680	dac960nt - ok
20:56:57.0953 2680	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:56:58.0140 2680	Disk - ok
20:56:58.0218 2680	DLABOIOM        (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:56:58.0234 2680	DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0234 2680	DLABOIOM - detected UnsignedFile.Multi.Generic (1)
20:56:58.0281 2680	DLACDBHM        (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:56:58.0281 2680	DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0281 2680	DLACDBHM - detected UnsignedFile.Multi.Generic (1)
20:56:58.0328 2680	DLADResN        (75f07b1ba9a358e401856cf51b6a65d0) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:56:58.0328 2680	DLADResN ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0328 2680	DLADResN - detected UnsignedFile.Multi.Generic (1)
20:56:58.0359 2680	DLAIFS_M        (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:56:58.0375 2680	DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0375 2680	DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
20:56:58.0421 2680	DLAOPIOM        (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:56:58.0437 2680	DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0437 2680	DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
20:56:58.0468 2680	DLAPoolM        (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:56:58.0484 2680	DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0484 2680	DLAPoolM - detected UnsignedFile.Multi.Generic (1)
20:56:58.0546 2680	DLARTL_N        (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:56:58.0578 2680	DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0578 2680	DLARTL_N - detected UnsignedFile.Multi.Generic (1)
20:56:58.0625 2680	DLAUDFAM        (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:56:58.0640 2680	DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0640 2680	DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
20:56:58.0703 2680	DLAUDF_M        (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:56:58.0765 2680	DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
20:56:58.0765 2680	DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
20:56:58.0906 2680	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
20:56:59.0187 2680	dmboot - ok
20:56:59.0281 2680	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
20:56:59.0484 2680	dmio - ok
20:56:59.0562 2680	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:56:59.0781 2680	dmload - ok
20:56:59.0812 2680	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:57:00.0000 2680	DMusic - ok
20:57:00.0078 2680	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:57:00.0093 2680	DNE - ok
20:57:00.0156 2680	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:57:00.0375 2680	dpti2o - ok
20:57:00.0437 2680	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:57:00.0625 2680	drmkaud - ok
20:57:00.0640 2680	DRVMCDB         (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:57:00.0671 2680	DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
20:57:00.0671 2680	DRVMCDB - detected UnsignedFile.Multi.Generic (1)
20:57:00.0687 2680	DRVNDDM         (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:57:00.0687 2680	DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
20:57:00.0687 2680	DRVNDDM - detected UnsignedFile.Multi.Generic (1)
20:57:00.0703 2680	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:57:00.0906 2680	E100B - ok
20:57:00.0984 2680	e1express       (b536197853ea7e19c16d0d886c235683) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:57:01.0000 2680	e1express - ok
20:57:01.0046 2680	EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
20:57:01.0062 2680	EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
20:57:01.0062 2680	EGATHDRV - detected UnsignedFile.Multi.Generic (1)
20:57:01.0171 2680	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:57:01.0359 2680	Fastfat - ok
20:57:01.0515 2680	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:57:01.0703 2680	Fdc - ok
20:57:01.0796 2680	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
20:57:02.0000 2680	Fips - ok
20:57:02.0046 2680	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:57:02.0250 2680	Flpydisk - ok
20:57:02.0328 2680	FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:57:02.0875 2680	FltMgr - ok
20:57:02.0906 2680	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:57:03.0093 2680	Fs_Rec - ok
20:57:03.0171 2680	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:57:03.0375 2680	Ftdisk - ok
20:57:03.0453 2680	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:57:03.0703 2680	Gpc - ok
20:57:03.0781 2680	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:57:03.0812 2680	HDAudBus - ok
20:57:03.0875 2680	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:57:04.0062 2680	hpn - ok
20:57:04.0140 2680	HSF_DPV         (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
20:57:04.0203 2680	HSF_DPV - ok
20:57:04.0265 2680	HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
20:57:04.0281 2680	HSXHWAZL - ok
20:57:04.0359 2680	HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
20:57:04.0390 2680	HTTP - ok
20:57:04.0453 2680	i2omgmt         (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:57:04.0640 2680	i2omgmt - ok
20:57:04.0671 2680	i2omp           (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:57:04.0859 2680	i2omp - ok
20:57:04.0937 2680	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:57:05.0125 2680	i8042prt - ok
20:57:05.0250 2680	ialm            (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:57:05.0421 2680	ialm - ok
20:57:05.0515 2680	iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:57:05.0593 2680	iaStor - ok
20:57:05.0687 2680	ibmfilter       (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys
20:57:05.0703 2680	ibmfilter ( UnsignedFile.Multi.Generic ) - warning
20:57:05.0703 2680	ibmfilter - detected UnsignedFile.Multi.Generic (1)
20:57:05.0828 2680	IBMPMDRV        (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:57:05.0843 2680	IBMPMDRV - ok
20:57:05.0906 2680	IBMTPCHK        (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
20:57:05.0921 2680	IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
20:57:05.0921 2680	IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
20:57:05.0968 2680	Imapi           (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:57:06.0500 2680	Imapi - ok
20:57:06.0609 2680	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:57:06.0796 2680	ini910u - ok
20:57:06.0875 2680	IntelIde        (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:57:07.0062 2680	IntelIde - ok
20:57:07.0125 2680	intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:57:07.0312 2680	intelppm - ok
20:57:07.0375 2680	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:57:07.0578 2680	Ip6Fw - ok
20:57:07.0703 2680	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:57:07.0875 2680	IpFilterDriver - ok
20:57:07.0921 2680	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:57:08.0109 2680	IpInIp - ok
20:57:08.0171 2680	IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:57:08.0718 2680	IpNat - ok
20:57:08.0781 2680	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:57:08.0968 2680	IPSec - ok
20:57:09.0031 2680	irda            (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
20:57:09.0156 2680	irda - ok
20:57:09.0234 2680	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:57:09.0359 2680	IRENUM - ok
20:57:09.0453 2680	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:57:09.0640 2680	isapnp - ok
20:57:09.0703 2680	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:57:09.0890 2680	Kbdclass - ok
20:57:09.0984 2680	kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:57:10.0546 2680	kmixer - ok
20:57:10.0609 2680	KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
20:57:10.0656 2680	KSecDD - ok
20:57:10.0718 2680	lbrtfdc - ok
20:57:10.0781 2680	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:57:10.0796 2680	mdmxsdk - ok
20:57:10.0890 2680	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:57:11.0093 2680	mnmdd - ok
20:57:11.0156 2680	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
20:57:11.0359 2680	Modem - ok
20:57:11.0390 2680	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:57:11.0625 2680	Mouclass - ok
20:57:11.0671 2680	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:57:11.0875 2680	MountMgr - ok
20:57:11.0984 2680	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:57:12.0187 2680	mraid35x - ok
20:57:12.0234 2680	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:57:12.0796 2680	MRxDAV - ok
20:57:12.0906 2680	MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:57:12.0953 2680	MRxSmb - ok
20:57:12.0968 2680	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:57:13.0156 2680	Msfs - ok
20:57:13.0171 2680	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:57:13.0406 2680	MSKSSRV - ok
20:57:13.0500 2680	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:57:13.0718 2680	MSPCLOCK - ok
20:57:13.0812 2680	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:57:14.0000 2680	MSPQM - ok
20:57:14.0078 2680	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:57:14.0265 2680	mssmbios - ok
20:57:14.0328 2680	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:57:14.0546 2680	Mup - ok
20:57:14.0625 2680	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:57:14.0828 2680	NDIS - ok
20:57:14.0875 2680	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:57:15.0062 2680	NdisTapi - ok
20:57:15.0171 2680	Ndisuio         (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:57:15.0718 2680	Ndisuio - ok
20:57:15.0812 2680	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:57:16.0015 2680	NdisWan - ok
20:57:16.0093 2680	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:57:16.0296 2680	NDProxy - ok
20:57:16.0328 2680	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:57:16.0531 2680	NetBIOS - ok
20:57:16.0593 2680	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:57:16.0796 2680	NetBT - ok
20:57:16.0859 2680	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:57:17.0046 2680	Npfs - ok
20:57:17.0109 2680	NSCIRDA         (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:57:17.0218 2680	NSCIRDA - ok
20:57:17.0375 2680	Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:57:17.0937 2680	Ntfs - ok
20:57:18.0000 2680	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:57:18.0187 2680	Null - ok
20:57:18.0328 2680	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:57:18.0656 2680	nv - ok
20:57:18.0734 2680	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:57:18.0953 2680	NwlnkFlt - ok
20:57:19.0062 2680	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:57:19.0265 2680	NwlnkFwd - ok
20:57:19.0328 2680	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
20:57:19.0515 2680	Parport - ok
20:57:19.0562 2680	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:57:19.0750 2680	PartMgr - ok
20:57:19.0812 2680	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:57:20.0015 2680	ParVdm - ok
20:57:20.0078 2680	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
20:57:20.0265 2680	PCI - ok
20:57:20.0296 2680	PCIDump - ok
20:57:20.0343 2680	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:57:20.0546 2680	PCIIde - ok
20:57:20.0609 2680	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:57:20.0828 2680	Pcmcia - ok
20:57:20.0890 2680	PDCOMP - ok
20:57:20.0890 2680	PDFRAME - ok
20:57:20.0906 2680	PDRELI - ok
20:57:20.0921 2680	PDRFRAME - ok
20:57:20.0953 2680	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:57:21.0156 2680	perc2 - ok
20:57:21.0218 2680	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:57:21.0406 2680	perc2hib - ok
20:57:21.0546 2680	pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys
20:57:21.0562 2680	pmem ( UnsignedFile.Multi.Generic ) - warning
20:57:21.0562 2680	pmem - detected UnsignedFile.Multi.Generic (1)
20:57:21.0593 2680	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:57:21.0781 2680	PptpMiniport - ok
20:57:21.0968 2680	PrivateDisk     (e580dd7d54415905bb0bab306b659fdf) C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
20:57:21.0984 2680	PrivateDisk ( UnsignedFile.Multi.Generic ) - warning
20:57:21.0984 2680	PrivateDisk - detected UnsignedFile.Multi.Generic (1)
20:57:22.0062 2680	PROCDD          (abd39d58dac2cfcee7f0c9a838e989a8) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
20:57:22.0078 2680	PROCDD ( UnsignedFile.Multi.Generic ) - warning
20:57:22.0078 2680	PROCDD - detected UnsignedFile.Multi.Generic (1)
20:57:22.0109 2680	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
20:57:22.0296 2680	Processor - ok
20:57:22.0421 2680	psadd           (76df9412c1556fca3d6d94b2c9d94d6b) C:\WINDOWS\system32\Drivers\psadd.sys
20:57:22.0453 2680	psadd ( UnsignedFile.Multi.Generic ) - warning
20:57:22.0453 2680	psadd - detected UnsignedFile.Multi.Generic (1)
20:57:22.0515 2680	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:57:22.0718 2680	PSched - ok
20:57:22.0765 2680	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:57:22.0953 2680	Ptilink - ok
20:57:23.0031 2680	PxHelp20        (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:57:23.0046 2680	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:57:23.0046 2680	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:57:23.0109 2680	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:57:23.0312 2680	ql1080 - ok
20:57:23.0390 2680	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:57:23.0609 2680	Ql10wnt - ok
20:57:23.0703 2680	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:57:23.0906 2680	ql12160 - ok
20:57:24.0031 2680	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:57:24.0234 2680	ql1240 - ok
20:57:24.0296 2680	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:57:24.0500 2680	ql1280 - ok
20:57:24.0562 2680	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:57:24.0750 2680	RasAcd - ok
20:57:24.0843 2680	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:57:24.0968 2680	Rasirda - ok
20:57:25.0000 2680	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:57:25.0187 2680	Rasl2tp - ok
20:57:25.0234 2680	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:57:25.0437 2680	RasPppoe - ok
20:57:25.0515 2680	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:57:25.0718 2680	Raspti - ok
20:57:25.0812 2680	Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:57:26.0375 2680	Rdbss - ok
20:57:26.0500 2680	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:57:26.0687 2680	RDPCDD - ok
20:57:26.0781 2680	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:57:26.0984 2680	rdpdr - ok
20:57:27.0046 2680	RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:57:27.0593 2680	RDPWD - ok
20:57:27.0718 2680	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:57:27.0906 2680	redbook - ok
20:57:27.0968 2680	s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:57:27.0984 2680	s24trans ( UnsignedFile.Multi.Generic ) - warning
20:57:27.0984 2680	s24trans - detected UnsignedFile.Multi.Generic (1)
20:57:28.0125 2680	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:57:28.0687 2680	Secdrv - ok
20:57:28.0750 2680	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:57:28.0953 2680	serenum - ok
20:57:29.0015 2680	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
20:57:29.0203 2680	Serial - ok
20:57:29.0265 2680	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:57:29.0453 2680	Sfloppy - ok
20:57:29.0531 2680	ShockMgr        (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
20:57:29.0562 2680	ShockMgr ( UnsignedFile.Multi.Generic ) - warning
20:57:29.0562 2680	ShockMgr - detected UnsignedFile.Multi.Generic (1)
20:57:29.0593 2680	Shockprf        (70d82eb75e7e3b2980d6bf5b26051f4b) C:\WINDOWS\system32\drivers\Shockprf.sys
20:57:29.0609 2680	Shockprf ( UnsignedFile.Multi.Generic ) - warning
20:57:29.0609 2680	Shockprf - detected UnsignedFile.Multi.Generic (1)
20:57:29.0625 2680	Simbad - ok
20:57:29.0656 2680	sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:57:29.0843 2680	sisagp - ok
20:57:29.0859 2680	Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
20:57:29.0875 2680	Smapint ( UnsignedFile.Multi.Generic ) - warning
20:57:29.0875 2680	Smapint - detected UnsignedFile.Multi.Generic (1)
20:57:29.0984 2680	smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys
20:57:29.0984 2680	smi2 ( UnsignedFile.Multi.Generic ) - warning
20:57:29.0984 2680	smi2 - detected UnsignedFile.Multi.Generic (1)
20:57:30.0015 2680	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:57:30.0156 2680	Sparrow - ok
20:57:30.0218 2680	splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:57:30.0765 2680	splitter - ok
20:57:30.0781 2680	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
20:57:30.0921 2680	sr - ok
20:57:30.0968 2680	Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:57:31.0046 2680	Srv - ok
20:57:31.0125 2680	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:57:31.0140 2680	ssmdrv - ok
20:57:31.0250 2680	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:57:31.0453 2680	swenum - ok
20:57:31.0484 2680	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:57:31.0671 2680	swmidi - ok
20:57:31.0718 2680	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:57:31.0906 2680	symc810 - ok
20:57:31.0953 2680	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:57:32.0140 2680	symc8xx - ok
20:57:32.0171 2680	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:57:32.0390 2680	sym_hi - ok
20:57:32.0421 2680	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:57:32.0593 2680	sym_u3 - ok
20:57:32.0625 2680	SynTP           (b55024af8a5f940a4723f3b62ccbf349) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:57:32.0656 2680	SynTP - ok
20:57:32.0671 2680	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:57:32.0875 2680	sysaudio - ok
20:57:32.0968 2680	Tcpip           (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:57:33.0109 2680	Tcpip - ok
20:57:33.0234 2680	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:57:33.0437 2680	TDPIPE - ok
20:57:33.0546 2680	TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
20:57:33.0562 2680	TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
20:57:33.0562 2680	TDSMAPI - detected UnsignedFile.Multi.Generic (1)
20:57:33.0578 2680	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:57:33.0750 2680	TDTCP - ok
20:57:33.0781 2680	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:57:33.0984 2680	TermDD - ok
20:57:34.0046 2680	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
20:57:34.0234 2680	TosIde - ok
20:57:34.0234 2680	TPHKDRV         (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
20:57:34.0265 2680	TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
20:57:34.0265 2680	TPHKDRV - detected UnsignedFile.Multi.Generic (1)
20:57:34.0296 2680	TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:57:34.0312 2680	TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:57:34.0312 2680	TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:57:34.0328 2680	TSMAPIP         (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:57:34.0343 2680	TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
20:57:34.0343 2680	TSMAPIP - detected UnsignedFile.Multi.Generic (1)
20:57:34.0390 2680	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:57:34.0609 2680	Udfs - ok
20:57:34.0687 2680	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:57:34.0812 2680	ultra - ok
20:57:34.0890 2680	Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:57:35.0500 2680	Update - ok
20:57:35.0640 2680	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:57:35.0812 2680	usbccgp - ok
20:57:35.0875 2680	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:57:36.0062 2680	usbehci - ok
20:57:36.0093 2680	usbhub          (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:57:36.0640 2680	usbhub - ok
20:57:36.0703 2680	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:57:36.0921 2680	usbprint - ok
20:57:37.0046 2680	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:57:37.0250 2680	USBSTOR - ok
20:57:37.0281 2680	usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:57:37.0453 2680	usbuhci - ok
20:57:37.0468 2680	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:57:37.0687 2680	VgaSave - ok
20:57:37.0734 2680	viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:57:37.0937 2680	viaagp - ok
20:57:38.0015 2680	ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:57:38.0234 2680	ViaIde - ok
20:57:38.0265 2680	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
20:57:38.0453 2680	VolSnap - ok
20:57:38.0531 2680	vsdatant        (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
20:57:38.0562 2680	vsdatant - ok
20:57:38.0703 2680	w39n51          (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:57:38.0875 2680	w39n51 - ok
20:57:39.0015 2680	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:57:39.0218 2680	Wanarp - ok
20:57:39.0234 2680	WDICA - ok
20:57:39.0312 2680	wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:57:39.0890 2680	wdmaud - ok
20:57:39.0953 2680	winachsf        (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
20:57:40.0015 2680	winachsf - ok
20:57:40.0078 2680	WpdUsb          (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:57:40.0109 2680	WpdUsb - ok
20:57:40.0171 2680	MBR (0x1B8)     (b3a3a30ee90e92c8f3b9e9e37c210c8d) \Device\Harddisk0\DR0
20:57:41.0312 2680	\Device\Harddisk0\DR0 - ok
20:57:41.0328 2680	Boot (0x1200)   (d9cb66c969516e0ef5531fc62c0d07ea) \Device\Harddisk0\DR0\Partition0
20:57:41.0328 2680	\Device\Harddisk0\DR0\Partition0 - ok
20:57:41.0328 2680	============================================================
20:57:41.0328 2680	Scan finished
20:57:41.0328 2680	============================================================
20:57:41.0437 2728	Detected object count: 33
20:57:41.0437 2728	Actual detected object count: 33
20:58:40.0531 2728	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0531 2728	DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0531 2728	DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0546 2728	DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0546 2728	DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	ibmfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	ibmfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	pmem ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0562 2728	PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0562 2728	PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	psadd ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0578 2728	smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0578 2728	smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0593 2728	TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0593 2728	TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0593 2728	TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0593 2728	TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0593 2728	TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0593 2728	TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:40.0593 2728	TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:40.0593 2728	TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip

08.03.2012, 23:08	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung Windows mit F8-Taste beim Start in den abgesicherten Modus bringen. Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: __________________ __________________

12.03.2012, 14:16	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet Funktioniert der normale Modus wieder? __________________ --> 50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet

50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet

Log-Analyse und Auswertung: 50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet