Trojaner-Board - 50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - 50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet (https://www.trojaner-board.de/111155-50-euro-trojaner-pc-gesperrt-verbindung-internet.html)

50 Euro-Trojaner - PC gesperrt bei Verbindung mit dem Internet

Hallo ihr,

ich habe das hier oft erwähnte Problem: bei Verbindung mit dem Internet kommt nach gewisser Zeit (oft gleich, manchmal auch erst nach 10 Minuten) ein schwarzer Bildschirm mit Zahlungsaufforderung ("WINDOWS GESPERRT etc.).

Ich brauche Hilfe! Ich bin alles andere als ein Experte.

Mein Betriebssystem ist XP Pro.

Der OTL-Scan sieht folgendermaßen aus:

Zitat:

OTL logfile created on: 08.03.2012 21:38:04 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dokumente und Einstellungen\toff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,45% Memory free
3,84 Gb Paging File | 3,30 Gb Available in Paging File | 85,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,98 Gb Total Space | 18,24 Gb Free Space | 35,09% Space Free | Partition Type: NTFS

Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.08 21:37:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
PRC - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 18:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.20 23:59:32 | 000,305,152 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\swriter.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006.01.31 22:19:26 | 000,409,600 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006.01.31 22:12:04 | 000,098,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005.12.21 18:13:20 | 002,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005.12.21 18:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005.11.15 13:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005.10.28 19:08:32 | 000,335,872 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2005.10.26 00:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005.09.15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005.08.01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

========== Modules (No Company Name) ==========

MOD - [2011.03.18 18:56:37 | 001,874,904 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.18 10:43:04 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.09.27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.01.31 22:24:24 | 000,413,696 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006.01.31 22:23:58 | 000,188,416 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006.01.31 22:23:24 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006.01.31 22:23:08 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006.01.31 22:22:56 | 000,499,712 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006.01.31 22:19:06 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006.01.31 22:14:36 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006.01.31 22:02:14 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006.01.31 22:00:02 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006.01.31 21:59:56 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006.01.31 21:59:50 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006.01.31 21:59:26 | 000,069,632 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006.01.25 01:03:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005.12.21 18:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005.12.21 18:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005.12.21 18:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005.12.21 18:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005.12.07 01:12:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005.12.07 01:12:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.17 02:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.08.05 21:22:58 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll
MOD - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
MOD - [2005.08.01 17:32:36 | 000,147,456 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherCommon.dll
MOD - [2005.07.20 03:34:28 | 000,126,976 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005.07.05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005.06.30 03:54:50 | 000,180,224 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011.07.01 13:37:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 13:37:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.13 23:36:20 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005.12.21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005.12.07 01:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005.12.01 01:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005.11.30 01:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005.11.30 01:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.21 02:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005.11.15 13:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.11.01 14:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.11.01 14:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.08.01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.07.07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.07.07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com/de/de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/de/de
IE - HKCU\..\SearchScopes,DefaultScope = Google
IE - HKCU\..\SearchScopes\Google: "URL" = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.lemonde.fr/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 11:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.04 11:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.09.14 23:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010.11.19 01:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Extensions
[2012.03.03 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Firefox\Profiles\xpd9hs47.default\extensions
[2011.03.24 22:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.04 11:41:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.24 23:00:39 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Activision Blizzard, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) - File not found
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.13 23:46:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.08 21:37:29 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.04 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.03.03 21:04:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.03.03 21:04:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.03.03 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2012.03.03 09:46:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\toff\Recent
[2012.03.02 23:32:08 | 000,057,344 | ---- | C] (Activision Blizzard, Inc.) -- C:\WINDOWS\System32\a.exe
[2012.02.22 12:04:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\toff\Startmenü\Programme\Verwaltung
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.08 21:40:59 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.08 21:37:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe
[2012.03.08 21:32:10 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.03.08 21:32:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.08 21:20:27 | 000,000,122 | -H-- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\.~lock.Antrag Prüfungsausschuss.odt#
[2012.03.08 18:35:53 | 000,013,386 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\2012 Ermäßigungsantrag.pdf
[2012.03.08 18:22:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.04 18:22:01 | 000,011,244 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.03.03 18:00:13 | 000,009,570 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Vorlage Exzerpt.odt
[2012.03.02 23:32:09 | 000,057,344 | ---- | M] (Activision Blizzard, Inc.) -- C:\WINDOWS\System32\a.exe
[2012.03.01 17:01:07 | 000,012,427 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2012.02.16 14:35:40 | 000,008,839 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Semesterplan.ods
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.08 21:20:27 | 000,000,122 | -H-- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\.~lock.Antrag Prüfungsausschuss.odt#
[2012.03.08 18:35:52 | 000,013,386 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\2012 Ermäßigungsantrag.pdf
[2012.03.03 17:04:40 | 000,011,244 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt
[2012.02.24 17:33:07 | 000,012,427 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt
[2011.09.24 19:57:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010.12.25 14:31:24 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 23:35:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.11 23:35:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.11 23:35:11 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.11 23:35:11 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.11 23:35:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.09 19:25:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.11.14 00:06:48 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.11.14 00:03:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010.11.14 00:03:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010.11.14 00:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010.11.14 00:01:05 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2010.11.13 23:46:21 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.13 23:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.11.13 23:38:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.11.13 23:38:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.11.13 23:38:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.11.13 23:36:19 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.11.13 23:32:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.11.13 23:30:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.11.13 23:30:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.11.13 23:30:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.11.13 23:30:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.11.13 23:29:37 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010.11.13 23:29:18 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.13 23:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010.11.13 23:19:42 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010.11.13 23:18:34 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010.11.13 23:18:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010.09.27 11:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.09.27 10:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

< End of report >

Zitat:

OTL Extras logfile created on: 08.03.2012 21:38:04 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dokumente und Einstellungen\toff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,45% Memory free
3,84 Gb Paging File | 3,30 Gb Available in Paging File | 85,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,98 Gb Total Space | 18,24 Gb Free Space | 35,09% Space Free | Partition Type: NTFS

Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" "%1"
https [open] -- "C:\Programme\Opera\opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E5072660-B723-422B-BB74-EAA300BF716B}" = System Migration Assistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F6A04D96-C6D7-498C-9099-BCAD0D99778D}" = Diskeeper Lite
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup" = DivX-Setup
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad-Präsentationsdirektor
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.03.2012 05:55:38 | Computer Name = APFELMUS | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005:
InitEventCollector fail

Error - 03.03.2012 05:55:38 | Computer Name = APFELMUS | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten.

Error - 03.03.2012 05:55:40 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {66CDB13A-CCAE-42FE-B6DC-9B6E46740F59}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 05:55:45 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {7F81C6A6-C308-4160-B3B0-53EE3BA75EDA}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {60C3BB8D-993D-4A73-821B-7396CDB9514E}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = COM+ | ID = 135761
Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt.
Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität
wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten,
die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler
in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005:
InitEventCollector fail

Error - 03.03.2012 06:04:13 | Computer Name = APFELMUS | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten.

Error - 03.03.2012 06:04:16 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {F728A96B-E037-48CB-8934-515602961601}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 03.03.2012 06:04:22 | Computer Name = APFELMUS | Source = COM+ | ID = 135894
Description = Ein aufgetretener Zustand zeigt an, dass die COM+-Anwendung einen
instabilen Status hat oder nicht ordnungsgemäß funktioniert. Assertionsfehler: SUCCEEDED(hr)

Serveranwendungs-ID:
{02D4B3F1-FD88-11D1-960D-00805FC79235} Serveranwendungsinstanz-ID: {0F46B27C-8392-4F39-A91A-262B53D8D32B}
Serveranwendungsname:
System Application Da ein schwerwiegender Fehler vorliegt, wurde der Prozess beendet.
Fehlercode
= 0x8000ffff: Schwerwiegender Fehler COM+-Dienste - interne Informationen: Datei:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Zeile: 3000 Dateiversion
von 'Comsvcs.dll': ENU 2001.12.4414.308 s

Error - 07.03.2012 04:49:20 | Computer Name = APFELMUS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tvtsched.exe, Version 3.0.9.0, fehlgeschlagenes
Modul tvtsched.exe, Version 3.0.9.0, Fehleradresse 0x00001ffa.

[ System Events ]
Error - 05.03.2012 07:59:56 | Computer Name = APFELMUS | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0013029A488B wurde durch den DHCP-Server 132.230.201.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 06.03.2012 06:39:23 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 06.03.2012 15:08:07 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 06.03.2012 17:33:00 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 04:49:09 | Computer Name = APFELMUS | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 07.03.2012 04:50:55 | Computer Name = APFELMUS | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 07.03.2012 12:51:42 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 15:00:45 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 07.03.2012 18:44:29 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 08.03.2012 16:20:11 | Computer Name = APFELMUS | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/1000 PL Network Connection" (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

< End of report >

Schonmal vielen Dank im Voraus für eure Antwort!

VG Toff

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Hallo Arne,

sorry, hatte gestern keine Möglichkeit zu antworten. Ich habe versucht den abgesichterten Modus zu starten - funktioniert irgendwie allgemein nicht. Ich habe ein altes Think-Pad T 60; die haben da einen eigenen abgesichterten Think-Pad-Modus, hab ich den Eindruck, mit dem bekomme ich aber keine Internetverbindung. Vielleicht bin ich auch unfähig...

Seltsamerweise funktioniert das Internet gerade auch im Standart-Modus - es braucht wie gesagt immer unterschiedlich lang, bis ich den schwarzen Bildschirm mit der Zahlungsaufforderung sehe.

Ich bin mir deshalb auch sehr unsicher, wie drastisch mein Problem wirklich ist...

Viele Grüße

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo,

ich habe die Scans gemacht; hier erst das ESET-Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e8a6457747e3a247a5cefe4d579e1bf4

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-10 06:18:07

# local_time=2012-03-10 07:18:07 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1797 16775145 100 93 728050 67937163 720805 0

# compatibility_mode=8192 67108863 100 0 3785 3785 0 0

# scanned=50971

# found=0

# cleaned=0

# scan_time=3144

Und zweitens das Malwarebytes-Log:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.10.03
 

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

toff :: APFELMUS [Administrator]
 

10.03.2012 17:45:40

mbam-log-2012-03-10 (17-45-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 227833

Laufzeit: 24 Minute(n), 19 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeM (Trojan.VUPX.ABI2) -> Daten: C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Trojan.VUPX.ABI2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\WINDOWS\system32\a.exe (Trojan.VUPX.ABI2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Vielen Dank schonmal!!!

Funktioniert der normale Modus wieder?

Ja, funktioniert prima.
Vielen herzlichen Dank für deine Hilfe!!!

Glaubst du, das ist ausreichend?

Darf ich dich noch mit einem kleinen Problem belasten? Meine Festplatte (50 Gigabyte glaube ich) zeigt mir an, dass 38 Gigabyte belegt seien. Wenn ich im Laufwerk selbst alle Inhalte zusammen markiere, kommt die Rechnung auf 12 Gigabyte, was mir auch wesentlich realistische erscheint, ich habe wirklich nicht viele Daten auf dem Rechner. Kann das ein Anzeigefehler sein...oder sonstwas, um das ich mir Sorgen machen müsste?

Wenn du dich für die Frage nicht zuständig fühlst oder keine Antwort parat hast, kein Problem! Ich bin schon glücklich, dass er wieder läuft.

Viele Grüße,
Toff

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Gemacht, hier das log:

OTL

Code:

OTL logfile created on: 12.03.2012 22:10:08 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = C:\Dokumente und Einstellungen\toff\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,19% Memory free

3,84 Gb Paging File | 3,43 Gb Available in Paging File | 89,26% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 51,98 Gb Total Space | 18,01 Gb Free Space | 34,65% Space Free | Partition Type: NTFS

 

Computer Name: APFELMUS | User Name: toff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.12 22:09:11 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe

PRC - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.09.27 11:00:18 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe

PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2006.01.31 22:19:26 | 000,409,600 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2006.01.31 22:12:04 | 000,098,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005.12.21 18:13:20 | 002,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe

PRC - [2005.12.21 18:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe

PRC - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2005.11.15 13:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

PRC - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2005.10.26 00:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2005.09.15 13:57:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

PRC - [2005.08.01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.09.27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2006.01.31 22:24:24 | 000,413,696 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcHlpr.dll

MOD - [2006.01.31 22:23:58 | 000,188,416 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcGolan.dll

MOD - [2006.01.31 22:23:24 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll

MOD - [2006.01.31 22:23:08 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

MOD - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

MOD - [2006.01.31 22:22:56 | 000,499,712 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll

MOD - [2006.01.31 22:19:06 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll

MOD - [2006.01.31 22:14:36 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll

MOD - [2006.01.31 22:02:14 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

MOD - [2006.01.31 22:00:02 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll

MOD - [2006.01.31 21:59:56 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

MOD - [2006.01.31 21:59:50 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

MOD - [2006.01.31 21:59:26 | 000,069,632 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll

MOD - [2006.01.25 01:03:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL

MOD - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

MOD - [2005.12.21 18:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

MOD - [2005.12.21 18:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll

MOD - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

MOD - [2005.12.21 18:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll

MOD - [2005.12.21 18:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll

MOD - [2005.12.21 18:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll

MOD - [2005.12.07 01:12:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL

MOD - [2005.12.07 01:12:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL

MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll

MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll

MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005.11.17 02:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL

MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll

MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll

MOD - [2005.08.05 21:22:58 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll

MOD - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe

MOD - [2005.08.01 17:32:36 | 000,147,456 | ---- | M] () -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherCommon.dll

MOD - [2005.07.20 03:34:28 | 000,126,976 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\ahlprunl.dll

MOD - [2005.07.05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll

MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

MOD - [2005.06.30 03:54:50 | 000,180,224 | ---- | M] () -- C:\Programme\ThinkVantage\AMSG\AcpPollingEngine.dll

MOD - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (PsaSrv)

SRV - File not found [Disabled | Stopped] --  -- (HidServ)

SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.07.01 13:37:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.28 13:14:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006.01.31 22:24:28 | 000,147,456 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006.01.31 22:23:08 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2005.12.21 18:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005.12.21 18:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005.12.21 17:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005.12.14 11:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2005.12.01 01:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005.11.01 15:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005.08.01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.08.11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)

SRV - [2004.08.10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.07.01 13:37:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.01 13:37:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.11.13 23:36:20 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005.12.21 17:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005.12.07 01:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2005.12.01 01:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2005.11.30 01:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2005.11.30 01:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2005.11.27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005.11.21 02:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2005.11.15 13:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005.11.01 14:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2005.11.01 14:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2005.08.01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005.08.01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005.08.01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005.08.01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005.08.01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005.08.01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005.08.01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005.07.07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005.07.07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com/de/de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/de/de

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes,DefaultScope = Google

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes\Google: "URL" = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.lemonde.fr/"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 11:41:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 22:09:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.04 11:41:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.09.14 23:09:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

 

[2010.11.19 01:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Extensions

[2012.03.03 21:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla\Firefox\Profiles\xpd9hs47.default\extensions

[2011.03.24 22:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.01.04 11:41:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.11.24 23:00:39 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1 im.adtech.de

O1 - Hosts: 127.0.0.1 adserver.adtech.de

O1 - Hosts: 127.0.0.1 adtech.de

O1 - Hosts: 127.0.0.1 ar.atwola.com

O1 - Hosts: 127.0.0.1 atwola.com

O1 - Hosts: 127.0.0.1 adserver.71i.de

O1 - Hosts: 127.0.0.1 adicqserver.71i.de

O1 - Hosts: 127.0.0.1 71i.de

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O3 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [PCDrProfiler]  File not found

O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)

O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe ()

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F44FC95-73F9-4895-B256-1BA0BA76AB38}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) -  File not found

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)

O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.11.13 23:46:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.12 22:09:06 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe

[2012.03.10 18:22:37 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.03.10 17:43:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Malwarebytes

[2012.03.10 17:43:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.03.10 17:42:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.03.10 17:42:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.03.10 17:42:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.03.04 20:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype

[2012.03.03 21:04:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype

[2012.03.03 21:04:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype

[2012.03.03 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr

[2012.03.03 09:46:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\toff\Recent

[2012.02.22 12:04:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\toff\Startmenü\Programme\Verwaltung

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.12 22:12:57 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2012.03.12 22:09:11 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\toff\Desktop\OTL.exe

[2012.03.12 22:07:43 | 000,010,996 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Muchemblet Société Policée.odt

[2012.03.12 20:03:53 | 001,064,521 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\johanna.jpg

[2012.03.12 13:21:50 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk

[2012.03.12 13:21:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.03.12 13:20:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.03.11 19:25:54 | 000,011,545 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Linke Körperverhalten.odt

[2012.03.11 18:54:55 | 000,012,982 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Serna Der Adlige.odt

[2012.03.11 13:49:36 | 000,015,463 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Marraud Noblesse.odt

[2012.03.11 08:15:24 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.03.10 23:41:19 | 000,019,007 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\BENES.ODT

[2012.03.10 22:28:08 | 000,009,685 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Vorlage Exzerpt.odt

[2012.03.09 20:43:05 | 000,010,773 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Davetian Civility.odt

[2012.03.09 19:56:07 | 000,010,500 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Honnetete.odt

[2012.03.09 19:08:10 | 000,015,351 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Pompe Natürlichkeitsideal.odt

[2012.03.04 18:22:01 | 000,011,244 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt

[2012.03.01 17:01:07 | 000,012,427 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt

[2012.02.16 14:35:40 | 000,008,839 | ---- | M] () -- C:\Dokumente und Einstellungen\toff\Desktop\Semesterplan.ods

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.12 21:29:06 | 000,010,996 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Muchemblet Société Policée.odt

[2012.03.12 20:03:52 | 001,064,521 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\johanna.jpg

[2012.03.11 18:56:32 | 000,011,545 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Linke Körperverhalten.odt

[2012.03.11 18:54:54 | 000,012,982 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Serna Der Adlige.odt

[2012.03.10 22:49:47 | 000,019,007 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\BENES.ODT

[2012.03.10 16:54:40 | 000,015,463 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Marraud Noblesse.odt

[2012.03.09 20:43:04 | 000,010,773 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Davetian Civility.odt

[2012.03.09 19:56:06 | 000,010,500 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Honnetete.odt

[2012.03.09 13:29:05 | 000,015,351 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Pompe Natürlichkeitsideal.odt

[2012.03.03 17:04:40 | 000,011,244 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Eigene Dateien\FTSV.odt

[2012.02.24 17:33:07 | 000,012,427 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Desktop\Antrag Prüfungsausschuss.odt

[2011.09.24 19:57:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI

[2010.12.25 14:31:24 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.11 23:35:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010.12.11 23:35:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010.12.11 23:35:11 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010.12.11 23:35:11 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010.12.11 23:35:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010.12.09 19:25:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.11.14 00:06:48 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010.11.14 00:03:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2010.11.14 00:03:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2010.11.14 00:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010.11.14 00:01:05 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI

[2010.11.13 23:46:21 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\toff\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.11.13 23:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010.11.13 23:38:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2010.11.13 23:38:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2010.11.13 23:38:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010.11.13 23:36:19 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2010.11.13 23:32:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2010.11.13 23:30:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010.11.13 23:30:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010.11.13 23:30:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010.11.13 23:30:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010.11.13 23:30:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010.11.13 23:29:37 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2010.11.13 23:29:18 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010.11.13 23:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010.11.13 23:19:42 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010.11.13 23:18:34 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2010.11.13 23:18:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010.09.27 11:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2010.09.27 10:57:26 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

 
 ========== LOP Check ==========

 

[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IBM

[2010.11.13 23:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage

[2010.11.13 23:28:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2012.03.03 15:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr

[2011.05.20 18:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software

[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ThinkVantage

[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\IBM

[2010.11.13 23:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\ThinkVantage

[2010.11.13 23:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Lenovo

[2012.01.04 14:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DDMSettings

[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\IBM

[2012.03.10 20:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ICQ

[2010.11.18 10:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\OpenOffice.org

[2010.11.14 01:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Opera

[2011.10.26 09:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\stickies

[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ThinkVantage

[2011.07.12 21:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Thunderbird

[2012.03.12 22:12:57 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.01.30 22:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Adobe

[2010.11.14 01:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\AdobeUM

[2011.06.24 13:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Avira

[2012.01.04 14:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DDMSettings

[2012.01.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\DivX

[2010.11.13 23:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Google

[2010.11.13 23:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\IBM

[2012.03.10 20:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ICQ

[2004.08.10 13:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Identities

[2010.11.14 01:08:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Macromedia

[2012.03.10 17:43:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Malwarebytes

[2010.11.17 00:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Media Player Classic

[2011.07.16 18:28:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Microsoft

[2010.11.19 01:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Mozilla

[2010.11.18 10:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\OpenOffice.org

[2010.11.14 01:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Opera

[2012.03.12 20:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Skype

[2011.10.26 09:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\stickies

[2010.11.13 23:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Symantec

[2010.11.13 23:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\ThinkVantage

[2011.07.12 21:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\toff\Anwendungsdaten\Thunderbird

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys

[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll

[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS

[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS

[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll

[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll

[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe

[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2005.04.01 19:33:14 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B0B3908F5432F9DBBCD83CA4C33F0D82 -- C:\WINDOWS\system32\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004.08.10 13:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004.08.10 13:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004.08.10 13:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Ja, ist mir klar, das muss ich wohl daher haben.

Und ja, natürlich hast du Recht.

Ich denke, man unterschätzt immer, dass das ganz konkret schaden kann (von einem moralischen und rechtlichen Standpunkt der Argumentation mal abgesehen).

Ja, lass einfach die Finger von diesen Seiten ;)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/de/de

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes,DefaultScope = Google

IE - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s

O3 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [PCDrProfiler]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: UserInit - (C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe) -  File not found

:Files

C:\Programme\TXJLkIgy*

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Gemacht;

hier das log:

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-625425684-1169080742-3091018802-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe\ucjxaunp.exe deleted successfully.

========== FILES ==========

C:\Programme\TXJLkIgyXCÁ½Ëucjxaunp.exe folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: toff

->Temp folder emptied: 3947994 bytes

->Temporary Internet Files folder emptied: 14440060 bytes

->FireFox cache emptied: 49657916 bytes

->Opera cache emptied: 12034 bytes

->Flash cache emptied: 3593 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3401908 bytes

RecycleBin emptied: 13136192 bytes

 

Total Files Cleaned = 81,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.36.3 log created on 03132012_202600
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Voilà:

Code:

20:56:22.0281 2188        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43

20:56:22.0484 2188        ============================================================

20:56:22.0484 2188        Current date / time: 2012/03/13 20:56:22.0484

20:56:22.0484 2188        SystemInfo:

20:56:22.0484 2188        

20:56:22.0484 2188        OS Version: 5.1.2600 ServicePack: 2.0

20:56:22.0484 2188        Product type: Workstation

20:56:22.0484 2188        ComputerName: APFELMUS

20:56:22.0500 2188        UserName: toff

20:56:22.0500 2188        Windows directory: C:\WINDOWS

20:56:22.0500 2188        System windows directory: C:\WINDOWS

20:56:22.0500 2188        Processor architecture: Intel x86

20:56:22.0500 2188        Number of processors: 2

20:56:22.0500 2188        Page size: 0x1000

20:56:22.0500 2188        Boot type: Normal boot

20:56:22.0500 2188        ============================================================

20:56:23.0531 2188        Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

20:56:23.0546 2188        \Device\Harddisk0\DR0:

20:56:23.0546 2188        MBR used

20:56:23.0546 2188        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x67F7061

20:56:23.0578 2188        Initialize success

20:56:23.0578 2188        ============================================================

20:56:45.0421 2680        ============================================================

20:56:45.0421 2680        Scan started

20:56:45.0421 2680        Mode: Manual; SigCheck; TDLFS; 

20:56:45.0421 2680        ============================================================

20:56:46.0281 2680        Abiosdsk - ok

20:56:46.0375 2680        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

20:56:46.0640 2680        abp480n5 - ok

20:56:46.0687 2680        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

20:56:46.0890 2680        ac97intc - ok

20:56:46.0984 2680        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:56:47.0187 2680        ACPI - ok

20:56:47.0265 2680        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

20:56:47.0500 2680        ACPIEC - ok

20:56:47.0609 2680        ADIHdAudAddService (b7c4f2a40b7d2289eb944fff30f385ff) C:\WINDOWS\system32\drivers\ADIHdAud.sys

20:56:47.0625 2680        ADIHdAudAddService - ok

20:56:47.0671 2680        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

20:56:47.0875 2680        adpu160m - ok

20:56:47.0921 2680        AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys

20:56:47.0953 2680        AEAudioService - ok

20:56:48.0031 2680        aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

20:56:48.0593 2680        aec - ok

20:56:48.0687 2680        AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

20:56:48.0703 2680        AegisP ( UnsignedFile.Multi.Generic ) - warning

20:56:48.0703 2680        AegisP - detected UnsignedFile.Multi.Generic (1)

20:56:48.0828 2680        AFD             (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys

20:56:48.0859 2680        AFD - ok

20:56:48.0921 2680        agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

20:56:49.0125 2680        agp440 - ok

20:56:49.0171 2680        agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

20:56:49.0375 2680        agpCPQ - ok

20:56:49.0437 2680        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

20:56:49.0578 2680        Aha154x - ok

20:56:49.0625 2680        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

20:56:49.0828 2680        aic78u2 - ok

20:56:49.0859 2680        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

20:56:50.0062 2680        aic78xx - ok

20:56:50.0125 2680        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

20:56:50.0343 2680        AliIde - ok

20:56:50.0484 2680        alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys

20:56:50.0703 2680        alim1541 - ok

20:56:50.0750 2680        amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys

20:56:50.0953 2680        amdagp - ok

20:56:51.0031 2680        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

20:56:51.0140 2680        amsint - ok

20:56:51.0203 2680        ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

20:56:51.0203 2680        ANC ( UnsignedFile.Multi.Generic ) - warning

20:56:51.0203 2680        ANC - detected UnsignedFile.Multi.Generic (1)

20:56:51.0250 2680        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

20:56:51.0453 2680        asc - ok

20:56:51.0500 2680        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

20:56:51.0625 2680        asc3350p - ok

20:56:51.0687 2680        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

20:56:51.0921 2680        asc3550 - ok

20:56:51.0984 2680        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:56:52.0171 2680        AsyncMac - ok

20:56:52.0250 2680        atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:56:52.0437 2680        atapi - ok

20:56:52.0500 2680        Atdisk - ok

20:56:52.0546 2680        Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:56:52.0765 2680        Atmarpc - ok

20:56:52.0812 2680        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

20:56:52.0843 2680        atmeltpm - ok

20:56:52.0953 2680        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:56:53.0156 2680        audstub - ok

20:56:53.0328 2680        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

20:56:53.0343 2680        avgio - ok

20:56:53.0437 2680        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

20:56:53.0468 2680        avgntflt - ok

20:56:53.0515 2680        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

20:56:53.0531 2680        avipbb - ok

20:56:53.0625 2680        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:56:53.0812 2680        Beep - ok

20:56:53.0968 2680        BTKRNL          (7512c4f3f408dd9804500e275517a758) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

20:56:54.0078 2680        BTKRNL ( UnsignedFile.Multi.Generic ) - warning

20:56:54.0078 2680        BTKRNL - detected UnsignedFile.Multi.Generic (1)

20:56:54.0140 2680        BTWUSB          (eb68b380da558ba4f5d54519ec734dc9) C:\WINDOWS\system32\Drivers\btwusb.sys

20:56:54.0171 2680        BTWUSB ( UnsignedFile.Multi.Generic ) - warning

20:56:54.0171 2680        BTWUSB - detected UnsignedFile.Multi.Generic (1)

20:56:54.0265 2680        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

20:56:54.0468 2680        cbidf - ok

20:56:54.0515 2680        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:56:54.0703 2680        cbidf2k - ok

20:56:54.0781 2680        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

20:56:54.0921 2680        cd20xrnt - ok

20:56:54.0968 2680        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:56:55.0156 2680        Cdaudio - ok

20:56:55.0187 2680        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

20:56:55.0390 2680        Cdfs - ok

20:56:55.0468 2680        Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:56:55.0671 2680        Cdrom - ok

20:56:55.0750 2680        Changer - ok

20:56:56.0125 2680        CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:56:56.0312 2680        CmBatt - ok

20:56:56.0406 2680        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

20:56:56.0609 2680        CmdIde - ok

20:56:56.0656 2680        Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:56:56.0843 2680        Compbatt - ok

20:56:56.0921 2680        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

20:56:57.0109 2680        Cpqarray - ok

20:56:57.0187 2680        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

20:56:57.0218 2680        CVirtA - ok

20:56:57.0312 2680        CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

20:56:57.0328 2680        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

20:56:57.0328 2680        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

20:56:57.0421 2680        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

20:56:57.0640 2680        dac2w2k - ok

20:56:57.0687 2680        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

20:56:57.0890 2680        dac960nt - ok

20:56:57.0953 2680        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

20:56:58.0140 2680        Disk - ok

20:56:58.0218 2680        DLABOIOM        (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

20:56:58.0234 2680        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0234 2680        DLABOIOM - detected UnsignedFile.Multi.Generic (1)

20:56:58.0281 2680        DLACDBHM        (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

20:56:58.0281 2680        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0281 2680        DLACDBHM - detected UnsignedFile.Multi.Generic (1)

20:56:58.0328 2680        DLADResN        (75f07b1ba9a358e401856cf51b6a65d0) C:\WINDOWS\system32\DLA\DLADResN.SYS

20:56:58.0328 2680        DLADResN ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0328 2680        DLADResN - detected UnsignedFile.Multi.Generic (1)

20:56:58.0359 2680        DLAIFS_M        (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

20:56:58.0375 2680        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0375 2680        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

20:56:58.0421 2680        DLAOPIOM        (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

20:56:58.0437 2680        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0437 2680        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

20:56:58.0468 2680        DLAPoolM        (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

20:56:58.0484 2680        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0484 2680        DLAPoolM - detected UnsignedFile.Multi.Generic (1)

20:56:58.0546 2680        DLARTL_N        (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

20:56:58.0578 2680        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0578 2680        DLARTL_N - detected UnsignedFile.Multi.Generic (1)

20:56:58.0625 2680        DLAUDFAM        (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

20:56:58.0640 2680        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0640 2680        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

20:56:58.0703 2680        DLAUDF_M        (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

20:56:58.0765 2680        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

20:56:58.0765 2680        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

20:56:58.0906 2680        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys

20:56:59.0187 2680        dmboot - ok

20:56:59.0281 2680        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys

20:56:59.0484 2680        dmio - ok

20:56:59.0562 2680        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:56:59.0781 2680        dmload - ok

20:56:59.0812 2680        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

20:57:00.0000 2680        DMusic - ok

20:57:00.0078 2680        DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys

20:57:00.0093 2680        DNE - ok

20:57:00.0156 2680        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

20:57:00.0375 2680        dpti2o - ok

20:57:00.0437 2680        drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

20:57:00.0625 2680        drmkaud - ok

20:57:00.0640 2680        DRVMCDB         (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

20:57:00.0671 2680        DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

20:57:00.0671 2680        DRVMCDB - detected UnsignedFile.Multi.Generic (1)

20:57:00.0687 2680        DRVNDDM         (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

20:57:00.0687 2680        DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

20:57:00.0687 2680        DRVNDDM - detected UnsignedFile.Multi.Generic (1)

20:57:00.0703 2680        E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys

20:57:00.0906 2680        E100B - ok

20:57:00.0984 2680        e1express       (b536197853ea7e19c16d0d886c235683) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:57:01.0000 2680        e1express - ok

20:57:01.0046 2680        EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

20:57:01.0062 2680        EGATHDRV ( UnsignedFile.Multi.Generic ) - warning

20:57:01.0062 2680        EGATHDRV - detected UnsignedFile.Multi.Generic (1)

20:57:01.0171 2680        Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

20:57:01.0359 2680        Fastfat - ok

20:57:01.0515 2680        Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:57:01.0703 2680        Fdc - ok

20:57:01.0796 2680        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys

20:57:02.0000 2680        Fips - ok

20:57:02.0046 2680        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:57:02.0250 2680        Flpydisk - ok

20:57:02.0328 2680        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:57:02.0875 2680        FltMgr - ok

20:57:02.0906 2680        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:57:03.0093 2680        Fs_Rec - ok

20:57:03.0171 2680        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:57:03.0375 2680        Ftdisk - ok

20:57:03.0453 2680        Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:57:03.0703 2680        Gpc - ok

20:57:03.0781 2680        HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:57:03.0812 2680        HDAudBus - ok

20:57:03.0875 2680        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

20:57:04.0062 2680        hpn - ok

20:57:04.0140 2680        HSF_DPV         (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys

20:57:04.0203 2680        HSF_DPV - ok

20:57:04.0265 2680        HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys

20:57:04.0281 2680        HSXHWAZL - ok

20:57:04.0359 2680        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

20:57:04.0390 2680        HTTP - ok

20:57:04.0453 2680        i2omgmt         (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys

20:57:04.0640 2680        i2omgmt - ok

20:57:04.0671 2680        i2omp           (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys

20:57:04.0859 2680        i2omp - ok

20:57:04.0937 2680        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:57:05.0125 2680        i8042prt - ok

20:57:05.0250 2680        ialm            (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

20:57:05.0421 2680        ialm - ok

20:57:05.0515 2680        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

20:57:05.0593 2680        iaStor - ok

20:57:05.0687 2680        ibmfilter       (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys

20:57:05.0703 2680        ibmfilter ( UnsignedFile.Multi.Generic ) - warning

20:57:05.0703 2680        ibmfilter - detected UnsignedFile.Multi.Generic (1)

20:57:05.0828 2680        IBMPMDRV        (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

20:57:05.0843 2680        IBMPMDRV - ok

20:57:05.0906 2680        IBMTPCHK        (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

20:57:05.0921 2680        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning

20:57:05.0921 2680        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)

20:57:05.0968 2680        Imapi           (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:57:06.0500 2680        Imapi - ok

20:57:06.0609 2680        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

20:57:06.0796 2680        ini910u - ok

20:57:06.0875 2680        IntelIde        (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:57:07.0062 2680        IntelIde - ok

20:57:07.0125 2680        intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:57:07.0312 2680        intelppm - ok

20:57:07.0375 2680        Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:57:07.0578 2680        Ip6Fw - ok

20:57:07.0703 2680        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:57:07.0875 2680        IpFilterDriver - ok

20:57:07.0921 2680        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:57:08.0109 2680        IpInIp - ok

20:57:08.0171 2680        IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:57:08.0718 2680        IpNat - ok

20:57:08.0781 2680        IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:57:08.0968 2680        IPSec - ok

20:57:09.0031 2680        irda            (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys

20:57:09.0156 2680        irda - ok

20:57:09.0234 2680        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:57:09.0359 2680        IRENUM - ok

20:57:09.0453 2680        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:57:09.0640 2680        isapnp - ok

20:57:09.0703 2680        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:57:09.0890 2680        Kbdclass - ok

20:57:09.0984 2680        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

20:57:10.0546 2680        kmixer - ok

20:57:10.0609 2680        KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

20:57:10.0656 2680        KSecDD - ok

20:57:10.0718 2680        lbrtfdc - ok

20:57:10.0781 2680        mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

20:57:10.0796 2680        mdmxsdk - ok

20:57:10.0890 2680        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:57:11.0093 2680        mnmdd - ok

20:57:11.0156 2680        Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys

20:57:11.0359 2680        Modem - ok

20:57:11.0390 2680        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:57:11.0625 2680        Mouclass - ok

20:57:11.0671 2680        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

20:57:11.0875 2680        MountMgr - ok

20:57:11.0984 2680        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

20:57:12.0187 2680        mraid35x - ok

20:57:12.0234 2680        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:57:12.0796 2680        MRxDAV - ok

20:57:12.0906 2680        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:57:12.0953 2680        MRxSmb - ok

20:57:12.0968 2680        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

20:57:13.0156 2680        Msfs - ok

20:57:13.0171 2680        MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:57:13.0406 2680        MSKSSRV - ok

20:57:13.0500 2680        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:57:13.0718 2680        MSPCLOCK - ok

20:57:13.0812 2680        MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

20:57:14.0000 2680        MSPQM - ok

20:57:14.0078 2680        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:57:14.0265 2680        mssmbios - ok

20:57:14.0328 2680        Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

20:57:14.0546 2680        Mup - ok

20:57:14.0625 2680        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

20:57:14.0828 2680        NDIS - ok

20:57:14.0875 2680        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:57:15.0062 2680        NdisTapi - ok

20:57:15.0171 2680        Ndisuio         (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:57:15.0718 2680        Ndisuio - ok

20:57:15.0812 2680        NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:57:16.0015 2680        NdisWan - ok

20:57:16.0093 2680        NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

20:57:16.0296 2680        NDProxy - ok

20:57:16.0328 2680        NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:57:16.0531 2680        NetBIOS - ok

20:57:16.0593 2680        NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:57:16.0796 2680        NetBT - ok

20:57:16.0859 2680        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

20:57:17.0046 2680        Npfs - ok

20:57:17.0109 2680        NSCIRDA         (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys

20:57:17.0218 2680        NSCIRDA - ok

20:57:17.0375 2680        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

20:57:17.0937 2680        Ntfs - ok

20:57:18.0000 2680        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:57:18.0187 2680        Null - ok

20:57:18.0328 2680        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

20:57:18.0656 2680        nv - ok

20:57:18.0734 2680        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:57:18.0953 2680        NwlnkFlt - ok

20:57:19.0062 2680        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:57:19.0265 2680        NwlnkFwd - ok

20:57:19.0328 2680        Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys

20:57:19.0515 2680        Parport - ok

20:57:19.0562 2680        PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

20:57:19.0750 2680        PartMgr - ok

20:57:19.0812 2680        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

20:57:20.0015 2680        ParVdm - ok

20:57:20.0078 2680        PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys

20:57:20.0265 2680        PCI - ok

20:57:20.0296 2680        PCIDump - ok

20:57:20.0343 2680        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:57:20.0546 2680        PCIIde - ok

20:57:20.0609 2680        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:57:20.0828 2680        Pcmcia - ok

20:57:20.0890 2680        PDCOMP - ok

20:57:20.0890 2680        PDFRAME - ok

20:57:20.0906 2680        PDRELI - ok

20:57:20.0921 2680        PDRFRAME - ok

20:57:20.0953 2680        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

20:57:21.0156 2680        perc2 - ok

20:57:21.0218 2680        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

20:57:21.0406 2680        perc2hib - ok

20:57:21.0546 2680        pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys

20:57:21.0562 2680        pmem ( UnsignedFile.Multi.Generic ) - warning

20:57:21.0562 2680        pmem - detected UnsignedFile.Multi.Generic (1)

20:57:21.0593 2680        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:57:21.0781 2680        PptpMiniport - ok

20:57:21.0968 2680        PrivateDisk     (e580dd7d54415905bb0bab306b659fdf) C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys

20:57:21.0984 2680        PrivateDisk ( UnsignedFile.Multi.Generic ) - warning

20:57:21.0984 2680        PrivateDisk - detected UnsignedFile.Multi.Generic (1)

20:57:22.0062 2680        PROCDD          (abd39d58dac2cfcee7f0c9a838e989a8) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

20:57:22.0078 2680        PROCDD ( UnsignedFile.Multi.Generic ) - warning

20:57:22.0078 2680        PROCDD - detected UnsignedFile.Multi.Generic (1)

20:57:22.0109 2680        Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys

20:57:22.0296 2680        Processor - ok

20:57:22.0421 2680        psadd           (76df9412c1556fca3d6d94b2c9d94d6b) C:\WINDOWS\system32\Drivers\psadd.sys

20:57:22.0453 2680        psadd ( UnsignedFile.Multi.Generic ) - warning

20:57:22.0453 2680        psadd - detected UnsignedFile.Multi.Generic (1)

20:57:22.0515 2680        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

20:57:22.0718 2680        PSched - ok

20:57:22.0765 2680        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:57:22.0953 2680        Ptilink - ok

20:57:23.0031 2680        PxHelp20        (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:57:23.0046 2680        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

20:57:23.0046 2680        PxHelp20 - detected UnsignedFile.Multi.Generic (1)

20:57:23.0109 2680        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

20:57:23.0312 2680        ql1080 - ok

20:57:23.0390 2680        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

20:57:23.0609 2680        Ql10wnt - ok

20:57:23.0703 2680        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

20:57:23.0906 2680        ql12160 - ok

20:57:24.0031 2680        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

20:57:24.0234 2680        ql1240 - ok

20:57:24.0296 2680        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

20:57:24.0500 2680        ql1280 - ok

20:57:24.0562 2680        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:57:24.0750 2680        RasAcd - ok

20:57:24.0843 2680        Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

20:57:24.0968 2680        Rasirda - ok

20:57:25.0000 2680        Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:57:25.0187 2680        Rasl2tp - ok

20:57:25.0234 2680        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:57:25.0437 2680        RasPppoe - ok

20:57:25.0515 2680        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:57:25.0718 2680        Raspti - ok

20:57:25.0812 2680        Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:57:26.0375 2680        Rdbss - ok

20:57:26.0500 2680        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:57:26.0687 2680        RDPCDD - ok

20:57:26.0781 2680        rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:57:26.0984 2680        rdpdr - ok

20:57:27.0046 2680        RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

20:57:27.0593 2680        RDPWD - ok

20:57:27.0718 2680        redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:57:27.0906 2680        redbook - ok

20:57:27.0968 2680        s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

20:57:27.0984 2680        s24trans ( UnsignedFile.Multi.Generic ) - warning

20:57:27.0984 2680        s24trans - detected UnsignedFile.Multi.Generic (1)

20:57:28.0125 2680        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:57:28.0687 2680        Secdrv - ok

20:57:28.0750 2680        serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:57:28.0953 2680        serenum - ok

20:57:29.0015 2680        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys

20:57:29.0203 2680        Serial - ok

20:57:29.0265 2680        Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:57:29.0453 2680        Sfloppy - ok

20:57:29.0531 2680        ShockMgr        (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys

20:57:29.0562 2680        ShockMgr ( UnsignedFile.Multi.Generic ) - warning

20:57:29.0562 2680        ShockMgr - detected UnsignedFile.Multi.Generic (1)

20:57:29.0593 2680        Shockprf        (70d82eb75e7e3b2980d6bf5b26051f4b) C:\WINDOWS\system32\drivers\Shockprf.sys

20:57:29.0609 2680        Shockprf ( UnsignedFile.Multi.Generic ) - warning

20:57:29.0609 2680        Shockprf - detected UnsignedFile.Multi.Generic (1)

20:57:29.0625 2680        Simbad - ok

20:57:29.0656 2680        sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

20:57:29.0843 2680        sisagp - ok

20:57:29.0859 2680        Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

20:57:29.0875 2680        Smapint ( UnsignedFile.Multi.Generic ) - warning

20:57:29.0875 2680        Smapint - detected UnsignedFile.Multi.Generic (1)

20:57:29.0984 2680        smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys

20:57:29.0984 2680        smi2 ( UnsignedFile.Multi.Generic ) - warning

20:57:29.0984 2680        smi2 - detected UnsignedFile.Multi.Generic (1)

20:57:30.0015 2680        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

20:57:30.0156 2680        Sparrow - ok

20:57:30.0218 2680        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

20:57:30.0765 2680        splitter - ok

20:57:30.0781 2680        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys

20:57:30.0921 2680        sr - ok

20:57:30.0968 2680        Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

20:57:31.0046 2680        Srv - ok

20:57:31.0125 2680        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

20:57:31.0140 2680        ssmdrv - ok

20:57:31.0250 2680        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:57:31.0453 2680        swenum - ok

20:57:31.0484 2680        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

20:57:31.0671 2680        swmidi - ok

20:57:31.0718 2680        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

20:57:31.0906 2680        symc810 - ok

20:57:31.0953 2680        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

20:57:32.0140 2680        symc8xx - ok

20:57:32.0171 2680        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

20:57:32.0390 2680        sym_hi - ok

20:57:32.0421 2680        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

20:57:32.0593 2680        sym_u3 - ok

20:57:32.0625 2680        SynTP           (b55024af8a5f940a4723f3b62ccbf349) C:\WINDOWS\system32\DRIVERS\SynTP.sys

20:57:32.0656 2680        SynTP - ok

20:57:32.0671 2680        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

20:57:32.0875 2680        sysaudio - ok

20:57:32.0968 2680        Tcpip           (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:57:33.0109 2680        Tcpip - ok

20:57:33.0234 2680        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:57:33.0437 2680        TDPIPE - ok

20:57:33.0546 2680        TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

20:57:33.0562 2680        TDSMAPI ( UnsignedFile.Multi.Generic ) - warning

20:57:33.0562 2680        TDSMAPI - detected UnsignedFile.Multi.Generic (1)

20:57:33.0578 2680        TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

20:57:33.0750 2680        TDTCP - ok

20:57:33.0781 2680        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:57:33.0984 2680        TermDD - ok

20:57:34.0046 2680        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

20:57:34.0234 2680        TosIde - ok

20:57:34.0234 2680        TPHKDRV         (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys

20:57:34.0265 2680        TPHKDRV ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0265 2680        TPHKDRV - detected UnsignedFile.Multi.Generic (1)

20:57:34.0296 2680        TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

20:57:34.0312 2680        TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0312 2680        TPPWRIF - detected UnsignedFile.Multi.Generic (1)

20:57:34.0328 2680        TSMAPIP         (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

20:57:34.0343 2680        TSMAPIP ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0343 2680        TSMAPIP - detected UnsignedFile.Multi.Generic (1)

20:57:34.0390 2680        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

20:57:34.0609 2680        Udfs - ok

20:57:34.0687 2680        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

20:57:34.0812 2680        ultra - ok

20:57:34.0890 2680        Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

20:57:35.0500 2680        Update - ok

20:57:35.0640 2680        usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:57:35.0812 2680        usbccgp - ok

20:57:35.0875 2680        usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:57:36.0062 2680        usbehci - ok

20:57:36.0093 2680        usbhub          (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:57:36.0640 2680        usbhub - ok

20:57:36.0703 2680        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:57:36.0921 2680        usbprint - ok

20:57:37.0046 2680        USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:57:37.0250 2680        USBSTOR - ok

20:57:37.0281 2680        usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:57:37.0453 2680        usbuhci - ok

20:57:37.0468 2680        VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

20:57:37.0687 2680        VgaSave - ok

20:57:37.0734 2680        viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys

20:57:37.0937 2680        viaagp - ok

20:57:38.0015 2680        ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

20:57:38.0234 2680        ViaIde - ok

20:57:38.0265 2680        VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys

20:57:38.0453 2680        VolSnap - ok

20:57:38.0531 2680        vsdatant        (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys

20:57:38.0562 2680        vsdatant - ok

20:57:38.0703 2680        w39n51          (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys

20:57:38.0875 2680        w39n51 - ok

20:57:39.0015 2680        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:57:39.0218 2680        Wanarp - ok

20:57:39.0234 2680        WDICA - ok

20:57:39.0312 2680        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

20:57:39.0890 2680        wdmaud - ok

20:57:39.0953 2680        winachsf        (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys

20:57:40.0015 2680        winachsf - ok

20:57:40.0078 2680        WpdUsb          (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys

20:57:40.0109 2680        WpdUsb - ok

20:57:40.0171 2680        MBR (0x1B8)     (b3a3a30ee90e92c8f3b9e9e37c210c8d) \Device\Harddisk0\DR0

20:57:41.0312 2680        \Device\Harddisk0\DR0 - ok

20:57:41.0328 2680        Boot (0x1200)   (d9cb66c969516e0ef5531fc62c0d07ea) \Device\Harddisk0\DR0\Partition0

20:57:41.0328 2680        \Device\Harddisk0\DR0\Partition0 - ok

20:57:41.0328 2680        ============================================================

20:57:41.0328 2680        Scan finished

20:57:41.0328 2680        ============================================================

20:57:41.0437 2728        Detected object count: 33

20:57:41.0437 2728        Actual detected object count: 33

20:58:40.0531 2728        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        ANC ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0531 2728        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0531 2728        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0546 2728        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0546 2728        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        ibmfilter ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        ibmfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        pmem ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0562 2728        PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0562 2728        PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        psadd ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        Smapint ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0578 2728        smi2 ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0578 2728        smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0593 2728        TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0593 2728        TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0593 2728        TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0593 2728        TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0593 2728        TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0593 2728        TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:58:40.0593 2728        TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user

20:58:40.0593 2728        TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip