Trojaner-Board - rootkit Trojaner FakeAlert!grb auf Windows XP Notebook

Hallo M-K-D-B

Hier die Rückmeldungen.

Schritt 1:
Du hast richtig festgestellt dass ich den McAfee am 11.7.2011 deinstalliert habe. Ich war gerade am durcharbeiten deiner vorgeschlagenen Schritte vom 11.07.2011 20:02 und wollte den ComboFix starten. Du meintest ja noch

Zitat:

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.

Ich habe den McAfee auch so gut als es ging deaktiviert. Trotzdem kam nach dem Aufstarten des ComboFix ein popup mit einem schrillen Ton der mich warnte das der McAfee im Hintergrung noch immer aktive Wächter hat. Es sei in meiner eigenen Verantwortung falls ich fortsetzen wollte.

Habe daraufhin den McAfee deinstalliert um sicher zu sein dass mir das Antivirusprogramm keine Probleme macht. Bin nicht am Internet mit dem Laptop sondern poste und downloade die Files mit einem Zweitrechner am Netz.

Ich habe noch immer die Lizenz und die Software für den McAfee. Ich schlage vor dass ich diesen wieder einrichte, sobald wir diesen Tread beenden konnten.

Schritt 2:
Gemacht.

Schritt 3:
OTL fix ist durchgelaufen. Hier ist das log des OTL-fix.

Code:

All processes killed

========== OTL ==========

Error: No service named vsdatant was found to stop!

Service\Driver key vsdatant not found.

File C:\WINDOWS\system32\vsdatant.sys not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "NCH Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:3.3.5.1 removed from extensions.enabledItems

Prefs.js: engine@conduit.com:3.3.5.1 removed from extensions.enabledItems

Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 removed from extensions.enabledItems

Prefs.js: 4 removed from network.proxy.type

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\searchplugin folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\lib folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions\engine@conduit.com folder moved successfully.

C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\searchplugins\conduit.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

C:\Dokumente und Einstellungen\sephen\Startmenü\Programme\Windows XP Fix folder moved successfully.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17424164 moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49286 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: sephen

->Temp folder emptied: 62289778 bytes

->Temporary Internet Files folder emptied: 477070 bytes

->Java cache emptied: 1086898 bytes

->FireFox cache emptied: 63398040 bytes

->Flash cache emptied: 39211 bytes

 

User: Stephen Weyeneth

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 3521415 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 77409 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 125.00 mb

 

 

OTL by OldTimer - Version 3.2.26.1 log created on 07142011_090558
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Schritt 4:
OTL scan ist durchgelaufen. Hier das OTL.txt.
OTL Logfile:

Code:

OTL logfile created on: 14.07.2011 09:12:11 - Run 4

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\sephen\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 61.04% Memory free

2.34 Gb Paging File | 1.88 Gb Available in Paging File | 80.61% Paging File free

Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 50.91 Gb Total Space | 9.10 Gb Free Space | 17.87% Space Free | Partition Type: NTFS

Drive D: | 135.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 121.68 Mb Total Space | 8.95 Mb Free Space | 7.35% Space Free | Partition Type: FAT

 

Computer Name: WEYENETH | User Name: Stephen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.07.10 16:16:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sephen\Desktop\OTL.exe

PRC - [2011.03.03 13:10:56 | 001,175,556 | ---- | M] (NCH Software) -- C:\Programme\NCH Software\BroadCam\broadcam.exe

PRC - [2011.01.31 01:36:36 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2010.09.03 14:18:32 | 003,593,728 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Programme\Personal Backup 5\Persbackup.exe

PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.11.10 11:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2006.04.17 13:13:00 | 000,094,208 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2006.04.17 13:12:28 | 000,151,552 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2006.04.17 13:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2006.04.17 13:09:10 | 000,409,600 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2006.04.17 12:59:10 | 000,098,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2006.03.23 02:03:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2006.03.23 02:03:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE

PRC - [2006.03.01 11:50:06 | 000,626,810 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006.02.14 14:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2006.01.24 03:04:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe

PRC - [2006.01.17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005.12.21 18:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe

PRC - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005.11.15 13:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

PRC - [2005.11.08 16:07:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

PRC - [2005.10.28 20:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe

PRC - [2005.10.26 00:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

PRC - [2005.08.01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

PRC - [2003.10.09 13:17:48 | 000,126,976 | ---- | M] (hp) -- C:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe

PRC - [2003.06.25 12:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Programme\HP\HP Software Update\hpwuSchd.exe

PRC - [1998.04.15 16:14:46 | 000,082,944 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.07.10 16:16:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sephen\Desktop\OTL.exe

MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2006.03.23 02:03:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL

MOD - [2006.02.14 14:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (PsaSrv)

SRV - [2011.03.03 13:10:56 | 001,175,556 | ---- | M] (NCH Software) [Auto | Running] -- C:\Programme\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)

SRV - [2010.08.06 10:07:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2006.11.10 11:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006.04.17 13:12:28 | 000,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006.04.17 13:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2006.03.23 02:03:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2006.03.01 11:50:06 | 000,626,810 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2006.01.17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005.11.08 16:07:02 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

SRV - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.11 20:57:20 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)

DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2008.05.06 11:22:40 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)

DRV - [2007.11.11 19:14:02 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2006.11.10 11:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2006.10.02 18:45:40 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2006.09.15 01:59:34 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2006.03.23 02:03:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006.03.23 01:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2006.02.27 02:52:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2006.02.21 22:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006.02.14 12:02:40 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)

DRV - [2006.01.17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006.01.17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006.01.17 01:52:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2006.01.17 01:52:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005.12.21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005.12.21 10:19:10 | 000,470,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005.11.15 13:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2005.08.01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005.08.01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005.08.01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005.08.01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005.08.01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005.08.01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005.08.01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005.07.07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005.07.07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005.05.17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..network.proxy.type: ""

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.22 21:22:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.22 21:22:03 | 000,000,000 | ---D | M]

 

[2010.02.14 13:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Extensions

[2011.07.14 09:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Mozilla\Firefox\Profiles\oz3ilbot.default\extensions

[2011.07.11 21:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.13 15:42:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.10.07 22:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.12.10 19:13:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010.12.21 10:00:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEPHEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OZ3ILBOT.DEFAULT\EXTENSIONS\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}

File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEPHEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OZ3ILBOT.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}

File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SEPHEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\OZ3ILBOT.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM

[2010.04.11 09:43:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.10 21:24:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.10 21:24:02 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.10 21:24:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.10 21:24:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.10 21:24:03 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.07.11 21:59:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [BroadCam] C:\Programme\NCH Software\BroadCam\broadcam.exe (NCH Software)

O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPpromo psc 2400 series] C:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe (hp)

O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)

O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe ()

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Dokumente und Einstellungen\sephen\Startmenü\Programme\Autostart\Persbackup.lnk = C:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189769570031 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)

O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.04.27 02:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009.01.16 03:00:00 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.14 09:05:58 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.07.14 08:55:17 | 002,003,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Dokumente und Einstellungen\sephen\Desktop\clean.exe

[2011.07.13 21:36:26 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\sephen\Desktop\aswMBR.exe

[2011.07.13 10:46:59 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\sephen\Desktop\tdsskiller.exe

[2011.07.13 10:45:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011.07.11 21:45:04 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011.07.11 21:29:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011.07.11 21:29:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011.07.11 21:29:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011.07.11 21:29:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011.07.11 21:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011.07.11 21:14:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.07.11 20:57:20 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys

[2011.07.11 20:57:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\FixTDSS

[2011.07.11 20:54:25 | 004,148,094 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\sephen\Desktop\ComboFix.exe

[2011.07.11 20:54:25 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\sephen\Desktop\FixTDSS.exe

[2011.07.10 17:08:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sephen\Desktop\OTL.exe

[2011.07.10 11:32:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sephen\Anwendungsdaten\Malwarebytes

[2011.07.10 11:31:49 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.07.10 11:31:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.07.10 11:31:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.07.10 11:31:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.07.10 11:31:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.07.10 11:25:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sephen\Desktop\Trojaner-Krieg

[2011.07.10 10:52:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\sephen\Recent

[2011.07.08 08:53:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[2011.06.30 14:41:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sephen\Desktop\Spin Glass

[2011.06.20 19:17:18 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011.06.15 21:58:29 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[8 C:\Dokumente und Einstellungen\sephen\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\sephen\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.14 09:09:26 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

[2011.07.14 09:09:10 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2011.07.14 09:09:03 | 000,008,880 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2011.07.14 09:08:54 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.07.14 09:08:54 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.07.14 09:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.07.14 09:08:30 | 1608,962,048 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.14 09:06:02 | 000,391,568 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.07.14 09:06:02 | 000,380,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.07.14 09:06:02 | 000,063,982 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.07.14 09:06:02 | 000,053,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.07.14 08:53:00 | 002,003,912 | ---- | M] (Check Point Software Technologies LTD) -- C:\Dokumente und Einstellungen\sephen\Desktop\clean.exe

[2011.07.13 22:38:51 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\MBR.dat

[2011.07.13 22:24:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.07.13 21:24:44 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\sephen\Desktop\aswMBR.exe

[2011.07.13 21:23:42 | 000,920,384 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Norton_Removal_Tool.exe

[2011.07.13 12:18:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Personal Backup Test1.job

[2011.07.13 10:45:58 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\sephen\Desktop\tdsskiller.exe

[2011.07.13 10:45:34 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\RKUnhookerLE.EXE

[2011.07.13 10:45:26 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\MBRCheck.exe

[2011.07.11 21:59:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.07.11 21:45:11 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI

[2011.07.11 20:57:20 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys

[2011.07.11 20:53:06 | 004,148,094 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\sephen\Desktop\ComboFix.exe

[2011.07.11 20:51:12 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\sephen\Desktop\FixTDSS.exe

[2011.07.10 16:16:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sephen\Desktop\OTL.exe

[2011.07.10 12:16:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\defogger_reenable

[2011.07.10 12:14:18 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\hdyof2xc.exe

[2011.07.10 12:08:30 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Defogger.exe

[2011.07.10 12:01:18 | 000,684,297 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\unhide.exe

[2011.06.30 23:04:05 | 000,000,716 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Skype™ Extras Manager.lnk

[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011.06.24 11:09:22 | 000,828,165 | ---- | M] () -- C:\Dokumente und Einstellungen\sephen\Desktop\e144527.pdf

[2011.06.22 23:59:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.06.20 19:17:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[8 C:\Dokumente und Einstellungen\sephen\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\sephen\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.07.13 21:26:35 | 000,920,384 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Norton_Removal_Tool.exe

[2011.07.13 10:46:59 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\RKUnhookerLE.EXE

[2011.07.13 10:46:59 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\MBRCheck.exe

[2011.07.12 11:08:51 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\MBR.dat

[2011.07.11 21:49:59 | 000,001,583 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk

[2011.07.11 21:45:11 | 000,000,194 | ---- | C] () -- C:\Boot.bak

[2011.07.11 21:45:06 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2011.07.11 21:29:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011.07.11 21:29:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011.07.11 21:29:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011.07.11 21:29:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011.07.11 21:29:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011.07.10 12:28:35 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\hdyof2xc.exe

[2011.07.10 12:16:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\defogger_reenable

[2011.07.10 12:15:51 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Defogger.exe

[2011.07.10 12:07:30 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2011.07.10 12:07:30 | 000,001,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GameSpy Comrade.lnk

[2011.07.10 12:07:30 | 000,001,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2011.07.10 12:07:30 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ThinkVantage Productivity Center.lnk

[2011.07.10 12:07:30 | 000,000,937 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Bildergalerie.lnk

[2011.07.10 12:07:30 | 000,000,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Director.lnk

[2011.07.10 12:07:15 | 000,002,423 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

[2011.07.10 12:07:15 | 000,001,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK

[2011.07.10 12:07:15 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk

[2011.07.10 12:07:14 | 000,002,371 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acrobat Distiller 9.lnk

[2011.07.10 12:07:14 | 000,002,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Acrobat 9 Pro.lnk

[2011.07.10 12:07:14 | 000,002,043 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IBM Java Plug-in-Systemsteuerung 1.4.2.lnk

[2011.07.10 12:07:14 | 000,001,908 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSN.lnk

[2011.07.10 12:07:14 | 000,001,871 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe LiveCycle Designer ES 8.2.lnk

[2011.07.10 12:07:14 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk

[2011.07.10 12:07:14 | 000,001,744 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Money.LNK

[2011.07.10 12:07:14 | 000,000,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoPad Videobearbeitungs-Software.lnk

[2011.07.10 12:07:14 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BroadCam Video Streaming Server.lnk

[2011.07.10 12:07:14 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Prism Videodatei-Konverter.lnk

[2011.07.10 12:07:14 | 000,000,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\I.R.I.S. OCR-Registrierung.lnk

[2011.07.10 12:07:14 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Messenger.lnk

[2011.07.10 12:07:14 | 000,000,322 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bluetooth-Umgebung.lnk

[2011.07.10 12:01:47 | 000,684,297 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\unhide.exe

[2011.06.29 13:30:02 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Startmenü\Programme\Skype™ Extras Manager.lnk

[2011.06.29 13:30:02 | 000,000,716 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\Skype™ Extras Manager.lnk

[2011.06.24 11:09:22 | 000,828,165 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Desktop\e144527.pdf

[2010.12.19 13:33:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI

[2010.12.19 13:13:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\Uninstall Spielesammlung.exe

[2010.12.19 13:13:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\Uninstall Spielesammlung.ini

[2010.06.10 18:09:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.02.14 13:04:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009.05.10 14:42:30 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009.02.08 15:43:20 | 000,002,478 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2008.09.17 18:27:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008.08.25 14:10:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008.08.25 14:10:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008.05.11 12:12:58 | 000,068,166 | ---- | C] () -- C:\Programme\Gamesload.RPT

[2008.05.05 23:01:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2008.02.21 10:03:01 | 000,000,145 | ---- | C] () -- C:\WINDOWS\AVI2MPEG.ini

[2008.02.21 09:54:32 | 000,059,904 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.11.11 19:03:57 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat

[2007.11.11 19:03:57 | 000,028,982 | ---- | C] () -- C:\WINDOWS\hpoins03.dat

[2007.07.02 19:25:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2007.05.07 21:17:54 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2007.05.07 21:17:00 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2007.05.07 21:14:19 | 000,000,465 | ---- | C] () -- C:\WINDOWS\barcode.ini

[2007.05.07 20:32:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2007.05.06 17:49:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007.05.03 13:15:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2007.04.27 02:32:17 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\sephen\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2007.03.16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2006.11.10 11:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2006.11.10 11:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2006.09.15 02:04:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006.09.15 02:03:47 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2006.09.15 02:03:47 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2006.09.15 02:03:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2006.09.15 01:59:55 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2006.09.15 01:53:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2006.09.15 01:49:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2006.09.15 01:49:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2006.09.15 01:49:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2006.09.15 01:49:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2006.09.15 01:49:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2006.09.15 01:49:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2006.09.15 01:49:14 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2006.09.15 01:48:42 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006.09.15 01:32:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2006.09.15 01:31:41 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2006.09.15 01:30:29 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2006.09.15 01:30:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006.09.15 01:30:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006.09.15 01:30:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe

[2006.09.15 01:29:33 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe

[2006.09.15 01:29:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2006.01.27 09:59:50 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006.01.20 16:05:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006.01.17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005.10.17 15:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2005.07.08 01:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2005.05.23 08:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2005.05.23 08:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004.08.10 13:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004.08.10 13:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004.08.10 13:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.08.10 13:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004.08.10 13:17:14 | 000,497,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003.08.11 10:44:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1980.01.01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1980.01.01 00:00:00 | 000,391,568 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1980.01.01 00:00:00 | 000,380,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1980.01.01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1980.01.01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1980.01.01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1980.01.01 00:00:00 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[1980.01.01 00:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1980.01.01 00:00:00 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe

[1980.01.01 00:00:00 | 000,063,982 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1980.01.01 00:00:00 | 000,053,098 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1980.01.01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1980.01.01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1980.01.01 00:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[1980.01.01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1980.01.01 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[1980.01.01 00:00:00 | 000,008,880 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[1980.01.01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1980.01.01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1980.01.01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1980.01.01 00:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
 

< End of report >

--- --- ---

Hier das Extras.txt
OTL Logfile:

Code:

OTL Extras logfile created on: 14.07.2011 09:12:11 - Run 4

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\sephen\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 61.04% Memory free

2.34 Gb Paging File | 1.88 Gb Available in Paging File | 80.61% Paging File free

Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 50.91 Gb Total Space | 9.10 Gb Free Space | 17.87% Space Free | Partition Type: NTFS

Drive D: | 135.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 121.68 Mb Total Space | 8.95 Mb Free Space | 7.35% Space Free | Partition Type: FAT

 

Computer Name: WEYENETH | User Name: Stephen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\sephen\Lokale Einstellungen\Temp\7zS13.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\sephen\Lokale Einstellungen\Temp\7zS13.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data

"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer

"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'

"{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010

"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{261C86E1-7FAE-4F47-AE51-835F127AC0A1}" = HPpromotions

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23

"{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe

"{3B47A107-0473-4BD7-8BAB-A14FBC995C6B}" = ATI Catalyst Control Center

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1

"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme

"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects

"{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator

"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent

"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8E726115-FCBE-43B1-9FB7-06E8E25F9ABE}" = Diskeeper Lite

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan

"{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400

"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab

"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A1314B1F-B426-4CEA-968D-B0DE02BF1676}" = KI6220

"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio

"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{AC76BA86-1033-0000-7760-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708

"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution

"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware

"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant

"{CA89B56F-E71B-4E08-82A9-580533E1C048}" = System Migration Assistant

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update

"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = ThinkVantage Fingerprint Software 5.4

"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen

"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy

"{d40e4a88-ebc8-4d52-be3c-a4917a057ef0}" = Fax

"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad

"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2

"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"

"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers

"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0

"{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb

"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg

"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration

"2841-5017-1617-4151" = Snapform Viewer 1.7.7

"6901-5136-2669-7101" = EasyTax 2010 AG 1.0

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"ATI Display Driver" = ATI Display Driver

"AVI2MPEG" = AVI2MPEG

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7

"AwayTask" = ThinkVantage Away Manager

"BroadCam" = BroadCam Video Streaming Server

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem

"Corel Uninstaller" = Corel Uninstaller

"EasyTax 2007 AG 1.0" = EasyTax 2007 AG 1.0

"EasyTax 2008 AG 1.0" = EasyTax 2008 AG 1.0

"EasyTax 2009 AG 1.0" = EasyTax 2009 AG 1.0

"Free YouTube Download_is1" = Free YouTube Download 2.2

"GPStill" = PStill PostScript to PDF Converter (remove only)

"HP Color LaserJet CP4520 Series PCL6,HP Color LaserJet CP4020 Series PCL6" = HP Color LaserJet CP4520 Series PCL6,HP Color LaserJet CP4020 Series PCL6 [HP Color LaserJet CP4520 Series PCL6]

"HP Photo & Imaging" = HP Photo & Imaging 3.1

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2

"Jpeg2Ps-1.9-1_is1" = GnuWin32: Jpeg2Ps-1.9-1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Mathematica 4.0.0.0 P" = Mathematica 4

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"MiKTeX 2.7" = MiKTeX 2.7

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSMONEYV80" = Microsoft Money 2000

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Origin 6.1" = Origin 6.1

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"PCMCIAPW" = ThinkPad PC Card Power Policy

"Personal Backup 5_is1" = Personal Backup 5.0

"Picasa2" = Picasa 2

"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.1c

"Power Management Driver" = ThinkPad Power Management Driver

"Prism" = Prism Videodatei-Konverter

"Remove Multimedia Center" = Remove Multimedia Center

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass)

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"ThinkPadSoftwareInstaller" = Software Installer

"Totalcmd" = Total Commander (Remove or Repair)

"Uninstall_is1" = Uninstall 1.0.0.1

"VideoPad" = VideoPad Videobearbeitungs-Software

"VLC media player" = VLC media player 0.9.8a

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.1.3 final uninstall

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 07.07.2011 14:03:26 | Computer Name = WEYENETH | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

Error - 07.07.2011 14:03:26 | Computer Name = WEYENETH | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

Error - 08.07.2011 03:17:19 | Computer Name = WEYENETH | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.120, fehlgeschlagenes

 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 08.07.2011 05:16:19 | Computer Name = WEYENETH | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.120, fehlgeschlagenes

 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

 

Error - 08.07.2011 07:43:29 | Computer Name = WEYENETH | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes

 Modul unknown, Version 0.0.0.0, Fehleradresse 0x4ebb74b2.

 

Error - 08.07.2011 07:43:37 | Computer Name = WEYENETH | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes

 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.

 

Error - 08.07.2011 16:59:12 | Computer Name = WEYENETH | Source = McLogEvent | ID = 259

Description = 

 

Error - 08.07.2011 17:20:25 | Computer Name = WEYENETH | Source = McLogEvent | ID = 259

Description = 

 

Error - 10.07.2011 12:41:27 | Computer Name = WEYENETH | Source = McLogEvent | ID = 259

Description = 

 

Error - 10.07.2011 16:13:14 | Computer Name = WEYENETH | Source = McLogEvent | ID = 259

Description = 

 

[ System Events ]

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "Cisco Systems, Inc. VPN Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "Diskeeper" wurde unerwartet beendet. Dies ist bereits 1 Mal

 passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "ThinkPad HDD APS Logging Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "IBM KCU Service" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "TVT Backup Service" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "ThinkVantage System Update" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 14.07.2011 03:05:59 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits 

1 Mal passiert.

 

Error - 14.07.2011 03:06:00 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "Access Connections Main Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 14.07.2011 03:06:01 | Computer Name = WEYENETH | Source = Service Control Manager | ID = 7034

Description = Dienst "ACU Configuration Service" wurde unerwartet beendet. Dies 

ist bereits 1 Mal passiert.

 

 

< End of report >

--- --- ---

Schöner Gruss
West79

Hallo abermals

Sieht glaub sehr gut aus. Beide tools haben nichts gefunden.

Hier das log des TDSkillers

Code:

2011/07/14 20:47:10.0171 4672        TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/14 20:47:10.0187 4672        ================================================================================

2011/07/14 20:47:10.0187 4672        SystemInfo:

2011/07/14 20:47:10.0187 4672        

2011/07/14 20:47:10.0187 4672        OS Version: 5.1.2600 ServicePack: 3.0

2011/07/14 20:47:10.0187 4672        Product type: Workstation

2011/07/14 20:47:10.0187 4672        ComputerName: WEYENETH

2011/07/14 20:47:10.0187 4672        UserName: Stephen

2011/07/14 20:47:10.0187 4672        Windows directory: C:\WINDOWS

2011/07/14 20:47:10.0187 4672        System windows directory: C:\WINDOWS

2011/07/14 20:47:10.0187 4672        Processor architecture: Intel x86

2011/07/14 20:47:10.0187 4672        Number of processors: 2

2011/07/14 20:47:10.0187 4672        Page size: 0x1000

2011/07/14 20:47:10.0187 4672        Boot type: Normal boot

2011/07/14 20:47:10.0187 4672        ================================================================================

2011/07/14 20:47:10.0687 4672        Initialize success

2011/07/14 20:47:13.0562 0628        ================================================================================

2011/07/14 20:47:13.0562 0628        Scan started

2011/07/14 20:47:13.0562 0628        Mode: Manual; 

2011/07/14 20:47:13.0562 0628        ================================================================================

2011/07/14 20:47:14.0656 0628        61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/07/14 20:47:14.0734 0628        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/14 20:47:14.0781 0628        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/07/14 20:47:14.0859 0628        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/14 20:47:14.0890 0628        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/07/14 20:47:14.0953 0628        ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/07/14 20:47:15.0046 0628        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/14 20:47:15.0078 0628        AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys

2011/07/14 20:47:15.0109 0628        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/14 20:47:15.0156 0628        AegisP          (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/14 20:47:15.0203 0628        AFD             (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/14 20:47:15.0296 0628        AFS2K           (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys

2011/07/14 20:47:15.0359 0628        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/14 20:47:15.0437 0628        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/14 20:47:15.0453 0628        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/14 20:47:15.0484 0628        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/14 20:47:15.0546 0628        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/14 20:47:15.0625 0628        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/14 20:47:15.0656 0628        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/14 20:47:15.0687 0628        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/14 20:47:15.0718 0628        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/14 20:47:15.0750 0628        ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

2011/07/14 20:47:15.0828 0628        AR5211          (1b778efe22771e827ee24b334084a1f5) C:\WINDOWS\system32\DRIVERS\ar5211.sys

2011/07/14 20:47:15.0953 0628        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/14 20:47:15.0984 0628        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/14 20:47:16.0015 0628        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/14 20:47:16.0046 0628        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/14 20:47:16.0109 0628        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/14 20:47:16.0171 0628        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/14 20:47:16.0312 0628        ati2mtag        (07ac9a98ea70b5a6655a5797174bd282) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/07/14 20:47:16.0375 0628        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/14 20:47:16.0484 0628        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

2011/07/14 20:47:16.0531 0628        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/14 20:47:16.0609 0628        Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/07/14 20:47:16.0703 0628        b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/07/14 20:47:16.0781 0628        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/14 20:47:16.0875 0628        BTKRNL          (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/07/14 20:47:16.0906 0628        BTWUSB          (589400f357f6cb156a6f804035514da0) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/07/14 20:47:16.0937 0628        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/14 20:47:16.0968 0628        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/14 20:47:17.0015 0628        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/14 20:47:17.0046 0628        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/14 20:47:17.0093 0628        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/14 20:47:17.0171 0628        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/14 20:47:17.0203 0628        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/14 20:47:17.0250 0628        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/07/14 20:47:17.0546 0628        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/14 20:47:17.0593 0628        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/07/14 20:47:17.0640 0628        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/14 20:47:17.0703 0628        CVirtA          (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2011/07/14 20:47:17.0781 0628        CVPNDRVA        (03516f6d3b8c91c919de622196a84bce) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

2011/07/14 20:47:17.0796 0628        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/14 20:47:17.0828 0628        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/14 20:47:17.0859 0628        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/14 20:47:17.0937 0628        DLABOIOM        (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/07/14 20:47:17.0984 0628        DLACDBHM        (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/07/14 20:47:18.0015 0628        DLADResN        (75f07b1ba9a358e401856cf51b6a65d0) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/07/14 20:47:18.0062 0628        DLAIFS_M        (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/07/14 20:47:18.0078 0628        DLAOPIOM        (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/07/14 20:47:18.0093 0628        DLAPoolM        (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/07/14 20:47:18.0140 0628        DLARTL_N        (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/07/14 20:47:18.0171 0628        DLAUDFAM        (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/07/14 20:47:18.0265 0628        DLAUDF_M        (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/07/14 20:47:18.0390 0628        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/14 20:47:18.0437 0628        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/14 20:47:18.0453 0628        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/14 20:47:18.0500 0628        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/14 20:47:18.0578 0628        DNE             (8101650993b2f79118d2bf24402c390d) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2011/07/14 20:47:18.0656 0628        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/14 20:47:18.0765 0628        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/14 20:47:18.0828 0628        DRVMCDB         (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/07/14 20:47:18.0843 0628        DRVNDDM         (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/07/14 20:47:18.0890 0628        E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/14 20:47:18.0953 0628        EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

2011/07/14 20:47:19.0046 0628        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/14 20:47:19.0093 0628        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/14 20:47:19.0125 0628        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/14 20:47:19.0187 0628        FixTDSS         (77d6ffaa3010b66fb4692532d75a585f) C:\WINDOWS\system32\drivers\FixTDSS.sys

2011/07/14 20:47:19.0203 0628        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/14 20:47:19.0281 0628        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/14 20:47:19.0375 0628        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/14 20:47:19.0453 0628        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/14 20:47:19.0500 0628        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/14 20:47:19.0546 0628        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/14 20:47:19.0593 0628        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/14 20:47:19.0625 0628        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/14 20:47:19.0671 0628        HPZid412        (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/07/14 20:47:19.0703 0628        HPZipr12        (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/07/14 20:47:19.0718 0628        HPZius12        (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/07/14 20:47:19.0796 0628        HSF_DPV         (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys

2011/07/14 20:47:19.0859 0628        HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys

2011/07/14 20:47:19.0921 0628        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/14 20:47:20.0062 0628        i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/14 20:47:20.0093 0628        i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/14 20:47:20.0125 0628        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/14 20:47:20.0203 0628        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/07/14 20:47:20.0281 0628        ibmfilter       (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys

2011/07/14 20:47:20.0296 0628        IBMPMDRV        (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

2011/07/14 20:47:20.0343 0628        IBMTPCHK        (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

2011/07/14 20:47:20.0359 0628        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/14 20:47:20.0406 0628        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/14 20:47:20.0468 0628        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/14 20:47:20.0515 0628        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/14 20:47:20.0562 0628        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/14 20:47:20.0687 0628        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/14 20:47:20.0734 0628        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/14 20:47:20.0781 0628        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/14 20:47:20.0812 0628        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/14 20:47:20.0843 0628        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/14 20:47:20.0890 0628        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/14 20:47:20.0921 0628        Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/07/14 20:47:20.0953 0628        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/14 20:47:20.0984 0628        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/14 20:47:21.0015 0628        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/14 20:47:21.0062 0628        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/14 20:47:21.0171 0628        MBAMSwissArmy   (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/07/14 20:47:21.0218 0628        mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/07/14 20:47:21.0421 0628        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/14 20:47:21.0453 0628        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/14 20:47:21.0500 0628        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/14 20:47:21.0562 0628        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/14 20:47:21.0593 0628        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/14 20:47:21.0625 0628        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/14 20:47:21.0640 0628        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/14 20:47:21.0718 0628        MRxSmb          (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/14 20:47:21.0812 0628        MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2011/07/14 20:47:21.0828 0628        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/14 20:47:21.0875 0628        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/14 20:47:21.0890 0628        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/14 20:47:21.0921 0628        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/14 20:47:21.0968 0628        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/14 20:47:22.0093 0628        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/14 20:47:22.0125 0628        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/14 20:47:22.0187 0628        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/14 20:47:22.0250 0628        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/14 20:47:22.0312 0628        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/14 20:47:22.0343 0628        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/14 20:47:22.0406 0628        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/14 20:47:22.0437 0628        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/14 20:47:22.0484 0628        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/14 20:47:22.0546 0628        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/14 20:47:22.0578 0628        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/14 20:47:22.0625 0628        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/14 20:47:22.0750 0628        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/14 20:47:22.0812 0628        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/14 20:47:22.0890 0628        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/14 20:47:23.0015 0628        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/14 20:47:23.0171 0628        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/14 20:47:23.0203 0628        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/14 20:47:23.0265 0628        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/14 20:47:23.0312 0628        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/14 20:47:23.0343 0628        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/14 20:47:23.0375 0628        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/14 20:47:23.0390 0628        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/14 20:47:23.0453 0628        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/14 20:47:23.0515 0628        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/07/14 20:47:23.0640 0628        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/14 20:47:23.0671 0628        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/14 20:47:23.0734 0628        pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys

2011/07/14 20:47:23.0781 0628        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/14 20:47:23.0968 0628        PrivateDisk     (e580dd7d54415905bb0bab306b659fdf) C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys

2011/07/14 20:47:24.0062 0628        PROCDD          (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

2011/07/14 20:47:24.0109 0628        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/14 20:47:24.0156 0628        psadd           (76df9412c1556fca3d6d94b2c9d94d6b) C:\WINDOWS\system32\Drivers\psadd.sys

2011/07/14 20:47:24.0218 0628        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/14 20:47:24.0250 0628        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/14 20:47:24.0281 0628        PxHelp20        (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/14 20:47:24.0343 0628        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/14 20:47:24.0375 0628        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/14 20:47:24.0406 0628        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/14 20:47:24.0437 0628        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/14 20:47:24.0468 0628        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/14 20:47:24.0500 0628        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/14 20:47:24.0531 0628        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/14 20:47:24.0562 0628        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/14 20:47:24.0578 0628        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/14 20:47:24.0625 0628        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/14 20:47:24.0640 0628        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/14 20:47:24.0671 0628        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/14 20:47:24.0734 0628        RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/14 20:47:24.0859 0628        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/14 20:47:24.0968 0628        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/14 20:47:25.0000 0628        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/14 20:47:25.0031 0628        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/14 20:47:25.0078 0628        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/07/14 20:47:25.0156 0628        ShockMgr        (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys

2011/07/14 20:47:25.0187 0628        Shockprf        (70d82eb75e7e3b2980d6bf5b26051f4b) C:\WINDOWS\system32\drivers\Shockprf.sys

2011/07/14 20:47:25.0250 0628        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/14 20:47:25.0312 0628        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/14 20:47:25.0343 0628        Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

2011/07/14 20:47:25.0406 0628        smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys

2011/07/14 20:47:25.0484 0628        smihlp          (519b79e94950b9a13eb95cb01d932e8d) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys

2011/07/14 20:47:25.0578 0628        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/14 20:47:25.0640 0628        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/14 20:47:25.0656 0628        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/14 20:47:25.0734 0628        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/14 20:47:25.0828 0628        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/14 20:47:25.0890 0628        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys

2011/07/14 20:47:25.0984 0628        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/14 20:47:26.0015 0628        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/14 20:47:26.0078 0628        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/14 20:47:26.0109 0628        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/14 20:47:26.0140 0628        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/14 20:47:26.0234 0628        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/14 20:47:26.0265 0628        SynTP           (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/07/14 20:47:26.0328 0628        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/14 20:47:26.0406 0628        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/14 20:47:26.0484 0628        TcUsb           (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

2011/07/14 20:47:26.0546 0628        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/14 20:47:26.0578 0628        TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

2011/07/14 20:47:26.0625 0628        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/14 20:47:26.0656 0628        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/14 20:47:26.0718 0628        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/14 20:47:26.0750 0628        TPHKDRV         (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys

2011/07/14 20:47:26.0781 0628        TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

2011/07/14 20:47:26.0812 0628        TSMAPIP         (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

2011/07/14 20:47:26.0906 0628        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/14 20:47:27.0000 0628        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/14 20:47:27.0046 0628        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/14 20:47:27.0140 0628        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/14 20:47:27.0171 0628        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/14 20:47:27.0203 0628        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/14 20:47:27.0234 0628        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/14 20:47:27.0296 0628        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/14 20:47:27.0328 0628        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/14 20:47:27.0343 0628        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/14 20:47:27.0359 0628        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/14 20:47:27.0437 0628        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/14 20:47:27.0484 0628        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/14 20:47:27.0546 0628        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/14 20:47:27.0578 0628        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/14 20:47:27.0625 0628        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/14 20:47:27.0718 0628        winachsf        (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys

2011/07/14 20:47:27.0953 0628        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/14 20:47:28.0031 0628        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/14 20:47:28.0093 0628        MBR (0x1B8)     (bce4f99accb3d36aab87884ce34858f0) \Device\Harddisk0\DR0

2011/07/14 20:47:28.0312 0628        Boot (0x1200)   (e21f79a86536e7c80ad7525604af25f8) \Device\Harddisk0\DR0\Partition0

2011/07/14 20:47:28.0328 0628        ================================================================================

2011/07/14 20:47:28.0328 0628        Scan finished

2011/07/14 20:47:28.0328 0628        ================================================================================

2011/07/14 20:47:28.0343 5244        Detected object count: 0

2011/07/14 20:47:28.0343 5244        Actual detected object count: 0

2011/07/14 20:47:53.0468 4976        Deinitialize success

Hier das log des Mbam

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 7139
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

14.07.2011 21:01:37

mbam-log-2011-07-14 (21-01-37).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 174243

Laufzeit: 4 Minute(n), 14 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Haben wir dem Trojaner den Gar ausgemacht? :Boogie:

Gruss
West79