Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   mine.exe hat ein Problem festgestellt und muss beendet werden. Was ist das??? (https://www.trojaner-board.de/108466-mine-exe-hat-problem-festgestellt-beendet.html)

wilco 22.01.2012 20:38
mine.exe hat ein Problem festgestellt und muss beendet werden. Was ist das???
 
bei mir auf dem laptop erscheint alle paar sekunden ein fenster mit folgendem Text:

mine.exe hat ein Problem festgestellt und muss beendet werden.

was ist das und wie kann ich dieses entfernen? bitte um Hilfe!!!

Vielen Dank für die Antworten im voraus!!!

markusg 22.01.2012 20:44
hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

wilco 22.01.2012 22:38
OTL Logfile:
Code:
OTL logfile created on: 22.01.2012 22:08:07 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\x\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,41 Mb Total Physical Memory | 128,95 Mb Available Physical Memory | 25,67% Memory free
1,20 Gb Paging File | 0,43 Gb Available in Paging File | 36,27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 21,10 Gb Free Space | 56,62% Space Free | Partition Type: NTFS
 
Computer Name: WILLI | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 22:06:52 | 000,033,792 | ---- | M] () -- C:\WINDOWS\temp\obnhlx\setup.exe
PRC - [2012.01.22 21:35:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\x\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.01.05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2011.09.22 13:28:03 | 000,243,712 | ---- | M] (Maze Album Hauls) -- C:\WINDOWS\system32\drivers\svajnager.exe
PRC - [2011.09.21 23:18:42 | 000,188,928 | ---- | M] () -- C:\WINDOWS\system32\drivers\systkmo.exe
PRC - [2011.09.21 23:18:09 | 000,154,624 | ---- | M] (Speck Tans Sight Letter Who Holmes) -- C:\WINDOWS\system32\drivers\winfins.exe
PRC - [2011.08.30 10:01:40 | 000,314,061 | ---- | M] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\winlogons.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.09.18 17:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.02.27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.02.27 05:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009.02.27 05:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2004.11.09 11:53:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004.08.06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004.08.04 08:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.03.19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2003.12.04 22:58:00 | 000,158,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\navapsvc.exe
PRC - [2003.11.20 22:18:22 | 000,234,416 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
PRC - [2003.11.20 22:16:32 | 000,254,896 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
PRC - [2003.07.12 02:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.22 22:06:52 | 000,033,792 | ---- | M] () -- C:\WINDOWS\temp\obnhlx\setup.exe
MOD - [2012.01.05 10:48:44 | 000,411,120 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012.01.05 10:48:43 | 003,767,792 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012.01.05 10:47:19 | 000,122,880 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012.01.05 10:47:18 | 000,222,208 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012.01.05 10:47:17 | 001,746,432 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012.01.05 08:06:01 | 008,593,056 | ---- | M] () -- C:\Programme\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011.09.21 23:18:42 | 000,188,928 | ---- | M] () -- C:\WINDOWS\system32\drivers\systkmo.exe
MOD - [2011.08.31 20:14:08 | 000,056,832 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\sp.DLL
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.26 14:51:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2011.07.26 14:51:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
MOD - [2011.07.26 14:49:30 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
MOD - [2011.07.26 14:49:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011.07.26 14:46:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011.07.26 14:38:04 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011.07.26 14:31:14 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011.05.18 21:39:56 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.05.18 21:38:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.01.28 12:59:50 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 05:51:14 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll
MOD - [2004.08.25 21:27:00 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2004.03.19 21:21:10 | 000,339,968 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2003.07.12 02:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [Auto | Stopped] --  -- (AMService)
SRV - [2011.09.22 13:28:03 | 000,243,712 | ---- | M] (Maze Album Hauls) [Auto | Running] -- C:\WINDOWS\system32\drivers\svajnager.exe -- (svajnag)
SRV - [2011.09.21 23:18:42 | 000,188,928 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\drivers\systkmo.exe -- (systkmo)
SRV - [2011.09.21 23:18:09 | 000,154,624 | ---- | M] (Speck Tans Sight Letter Who Holmes) [Auto | Running] -- C:\WINDOWS\system32\drivers\winfins.exe -- (winfins)
SRV - [2011.08.31 20:14:08 | 000,056,832 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\sp.DLL -- (SPService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.21 06:52:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.09.18 17:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.02 20:46:44 | 000,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2009.02.27 06:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.02.27 05:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009.02.27 05:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.11.09 11:53:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004.08.06 01:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004.03.19 21:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2003.12.04 22:58:00 | 000,158,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2003.11.26 12:26:20 | 000,193,816 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2003.11.20 22:18:22 | 000,234,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003.11.20 22:17:46 | 000,086,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003.11.20 22:16:32 | 000,254,896 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003.07.12 02:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003.06.25 02:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.17 11:35:50 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.17 11:35:50 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 15:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.08.18 12:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 12:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 12:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 12:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 12:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.02 20:46:44 | 000,013,312 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.30 17:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.08.13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008.01.07 13:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.11.09 11:53:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2004.11.09 11:53:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004.11.09 11:53:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2004.09.24 01:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004.08.25 21:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.02 20:11:30 | 000,600,264 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20040801.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2004.08.02 20:11:28 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20040801.016\NAVENG.SYS -- (NAVENG)
DRV - [2004.07.29 09:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004.07.29 09:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2004.07.29 09:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004.07.22 23:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004.07.22 23:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.07.22 23:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004.07.15 10:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2003.11.21 19:07:52 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003.11.07 22:47:00 | 000,308,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2003.11.07 22:47:00 | 000,037,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Programme\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003.10.28 07:00:04 | 000,182,280 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2003.10.28 07:00:04 | 000,015,176 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001.11.01 10:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001.08.17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 21:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.4
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://search.bearshare.com/web?src=ffb&systemid=2&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.23 09:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.16 23:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.22 18:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.22 13:02:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.23 09:07:41 | 000,000,000 | ---D | M]
 
[2010.12.09 23:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Extensions
[2011.09.26 15:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions
[2011.08.01 18:58:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 08:30:46 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.09 23:50:04 | 000,000,000 | ---D | M] (MediaBar) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010.12.22 18:14:20 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions\piclens@cooliris.com
[2010.12.22 18:14:24 | 000,000,000 | ---D | M] (WiseStamp) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\extensions\wisestamp@wisestamp.com
[2010.09.14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\searchplugins\BearShareWebSearch.xml
[2012.01.22 13:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.22 13:02:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.09 23:49:49 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAMME\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011.09.16 23:19:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.22 13:02:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Dokumente und Einstellungen\x\Anwendungsdaten\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Programme\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Programme\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Facebook Sidebar Chat Reversion = C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pfophgoebcoehkldfgeffhnlcabhhomn\2.1.3_0\
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [{C293C995-AC8B-4268-B24B-EE6672B3AA5B}] C:\Dokumente und Einstellungen\x\Anwendungsdaten\Iksa\fura.exe (FileZilla Project)
O4 - HKCU..\Run: [Svchost.exe] C:\Dokumente und Einstellungen\x\Anwendungsdaten\Svchost.exe (Piriform Ltd)
O4 - HKCU..\Run: [Windows Defender] C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe ()
O4 - HKCU..\Run: [Windows NT Login Application] C:\Dokumente und Einstellungen\x\Anwendungsdaten\winlogons.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update--skype.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\x\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains:  ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3993537-2F3C-4F38-8847-9547211F1A41}: NameServer = 139.7.30.125,139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF1B41B-7F51-4146-8B0B-C5AD1C0FF83D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.15 04:17:10 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{625b6a70-891b-11df-852c-001125847c87}\Shell\AutoRun\command - "" = E:\SysDrvCache\sysdrv-c289068.exe
O33 - MountPoints2\{625b6a70-891b-11df-852c-001125847c87}\Shell\explore\command - "" = E:\SysDrvCache\sysdrv-c289068.exe
O33 - MountPoints2\{625b6a70-891b-11df-852c-001125847c87}\Shell\open\command - "" = E:\SysDrvCache\sysdrv-c289068.exe
O33 - MountPoints2\{625b6a70-891b-11df-852c-001125847c87}\Shell\search\command - "" = E:\SysDrvCache\sysdrv-c289068.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 21:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.01.22 19:50:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2012.01.22 19:17:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.01.22 19:17:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.01.22 13:05:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird
[2012.01.22 13:05:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\x\Scoutsystems
[2012.01.22 13:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TrainerScout
[2012.01.22 13:05:02 | 000,000,000 | ---D | C] -- C:\Programme\TrainerScout
[2012.01.22 13:03:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2012.01.22 13:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.01.22 13:02:01 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.01.22 13:01:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Sun
[2011.09.04 07:58:11 | 000,314,252 | -HS- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Svchost.exe
[2011.08.28 09:49:49 | 000,314,061 | ---- | C] (Malwarebytes Corporation) -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\winlogons.exe
[2009.07.02 19:09:01 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\x\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\x\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.22 21:56:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.22 18:36:52 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.22 18:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.22 18:36:37 | 526,880,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.22 13:05:22 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TrainerScout.lnk
[2012.01.22 12:59:26 | 000,001,788 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.01.22 12:51:07 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.22 12:51:06 | 000,487,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.22 12:51:06 | 000,095,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.22 12:51:06 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.22 12:40:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\x\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\x\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.22 13:05:21 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TrainerScout.lnk
[2011.09.21 23:18:42 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\systkmo.exe
[2011.09.21 23:18:42 | 000,000,017 | ---- | C] () -- C:\WINDOWS\keys.ini703
[2011.09.21 23:18:42 | 000,000,017 | ---- | C] () -- C:\WINDOWS\keys.ini
[2011.09.21 23:18:41 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\sLT.exf
[2011.09.21 23:18:14 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\sLT.exf
[2011.08.17 15:55:12 | 000,335,872 | ---- | C] () -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\chrtmp
[2011.08.17 15:12:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.17 15:12:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.17 15:12:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.17 15:12:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.17 15:12:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.15 10:39:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.21 19:36:32 | 000,078,188 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010.12.18 12:20:13 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.18 12:20:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.18 12:20:07 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.18 12:20:07 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.18 12:20:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.12.18 12:20:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.17 00:21:16 | 000,187,900 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2010.12.17 00:21:16 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2010.12.17 00:16:20 | 000,093,093 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2010.12.16 22:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010.12.15 00:03:34 | 000,019,549 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010.12.10 01:30:32 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\x\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.12.08 00:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.15 18:17:10 | 000,130,520 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2009.08.23 08:58:27 | 000,187,178 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009.08.23 08:58:27 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009.07.02 20:51:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.07.02 20:50:55 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2009.07.02 20:48:55 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2009.07.02 20:46:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2009.07.02 20:43:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.07.02 20:43:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.07.02 20:43:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.07.02 20:43:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.07.02 20:43:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.07.02 20:43:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.07.02 20:42:34 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.07.02 20:35:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2009.07.02 20:35:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2009.07.02 20:34:30 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2009.07.02 20:33:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TpShocks.exe
[2009.07.02 20:33:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2009.07.02 19:17:52 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.07.02 19:09:01 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009.07.02 19:09:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004.11.09 01:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.02 22:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.03.19 20:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004.03.19 20:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004.01.09 14:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003.02.24 23:52:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.02.24 23:48:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003.02.24 23:41:25 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003.02.24 23:35:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.02.24 23:34:38 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003.02.03 13:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002.01.21 23:48:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001.08.23 15:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001.08.23 15:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980.01.01 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980.01.01 08:00:00 | 000,487,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980.01.01 08:00:00 | 000,444,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980.01.01 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980.01.01 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980.01.01 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980.01.01 08:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980.01.01 08:00:00 | 000,095,538 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980.01.01 08:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980.01.01 08:00:00 | 000,072,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980.01.01 08:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980.01.01 08:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980.01.01 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980.01.01 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980.01.01 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980.01.01 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980.01.01 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980.01.01 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.12.09 23:47:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BearShare
[2010.12.12 22:49:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2012.01.22 18:56:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird
[2009.07.02 20:42:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBM
[2011.07.31 09:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.08.31 20:23:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2012.01.22 21:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2010.12.09 23:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2011.04.28 12:14:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2012.01.22 21:09:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2010.12.09 23:50:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\bearsharemediabartb
[2011.08.28 09:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\bits
[2011.08.30 10:07:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\bits2
[2011.09.16 23:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\DDMSettings
[2011.05.19 08:30:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.08.23 10:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\IBM
[2011.09.18 11:38:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Iduzt
[2011.08.27 22:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Iksa
[2011.05.24 08:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\InterVideo
[2010.12.14 19:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Softland
[2011.07.31 09:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Vodafone
[2010.12.29 05:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Windows Desktop Search
[2011.01.05 05:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\x\Anwendungsdaten\Windows Search
[2009.07.02 20:51:02 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

wilco 22.01.2012 22:43
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.01.2012 22:08:07 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\x\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,41 Mb Total Physical Memory | 128,95 Mb Available Physical Memory | 25,67% Memory free
1,20 Gb Paging File | 0,43 Gb Available in Paging File | 36,27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 21,10 Gb Free Space | 56,62% Space Free | Partition Type: NTFS
 
Computer Name: WILLI | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"14347:TCP" = 14347:TCP:*:Enabled:spport
"13228:TCP" = 13228:TCP:*:Enabled:spport
"28512:TCP" = 28512:TCP:*:Enabled:spport
"24761:TCP" = 24761:TCP:*:Enabled:spport
"8611:TCP" = 8611:TCP:*:Enabled:spport
"9999:TCP" = 9999:TCP:*:Enabled:spport
"6565:TCP" = 6565:TCP:*:Enabled:spport
"29139:TCP" = 29139:TCP:*:Enabled:spport
"23836:TCP" = 23836:TCP:*:Enabled:spport
"6377:TCP" = 6377:TCP:*:Enabled:spport
"17548:TCP" = 17548:TCP:*:Enabled:spport
"12066:TCP" = 12066:TCP:*:Enabled:spport
"15995:TCP" = 15995:TCP:*:Enabled:spport
"21136:TCP" = 21136:TCP:*:Enabled:spport
"13644:TCP" = 13644:TCP:*:Enabled:spport
"21393:TCP" = 21393:TCP:*:Enabled:spport
"24377:TCP" = 24377:TCP:*:Enabled:spport
"17841:TCP" = 17841:TCP:*:Enabled:spport
"10407:TCP" = 10407:TCP:*:Enabled:spport
"20637:TCP" = 20637:TCP:*:Enabled:spport
"20247:TCP" = 20247:TCP:*:Enabled:spport
"29292:TCP" = 29292:TCP:*:Enabled:spport
"11019:TCP" = 11019:TCP:*:Enabled:spport
"13320:TCP" = 13320:TCP:*:Enabled:spport
"22612:TCP" = 22612:TCP:*:Enabled:spport
"17989:TCP" = 17989:TCP:*:Enabled:spport
"10579:TCP" = 10579:TCP:*:Enabled:spport
"25386:TCP" = 25386:TCP:*:Enabled:spport
"13851:TCP" = 13851:TCP:*:Enabled:spport
"15396:TCP" = 15396:TCP:*:Enabled:spport
"12832:TCP" = 12832:TCP:*:Enabled:spport
"14209:TCP" = 14209:TCP:*:Enabled:spport
"6668:TCP" = 6668:TCP:*:Enabled:spport
"29176:TCP" = 29176:TCP:*:Enabled:spport
"20669:TCP" = 20669:TCP:*:Enabled:spport
"5096:TCP" = 5096:TCP:*:Enabled:spport
"17012:TCP" = 17012:TCP:*:Enabled:spport
"22315:TCP" = 22315:TCP:*:Enabled:spport
"12170:TCP" = 12170:TCP:*:Enabled:spport
"10908:TCP" = 10908:TCP:*:Enabled:spport
"26659:TCP" = 26659:TCP:*:Enabled:spport
"23287:TCP" = 23287:TCP:*:Enabled:spport
"28378:TCP" = 28378:TCP:*:Enabled:spport
"15197:TCP" = 15197:TCP:*:Enabled:spport
"29688:TCP" = 29688:TCP:*:Enabled:spport
"21410:TCP" = 21410:TCP:*:Enabled:spport
"27773:TCP" = 27773:TCP:*:Enabled:spport
"23507:TCP" = 23507:TCP:*:Enabled:spport
"29469:TCP" = 29469:TCP:*:Enabled:spport
"5560:TCP" = 5560:TCP:*:Enabled:spport
"12734:TCP" = 12734:TCP:*:Enabled:spport
"6075:TCP" = 6075:TCP:*:Enabled:spport
"27458:TCP" = 27458:TCP:*:Enabled:spport
"27699:TCP" = 27699:TCP:*:Enabled:spport
"14807:TCP" = 14807:TCP:*:Enabled:spport
"18808:TCP" = 18808:TCP:*:Enabled:spport
"11043:TCP" = 11043:TCP:*:Enabled:spport
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\WINDOWS\system32\igfxcf32.exe" = C:\WINDOWS\system32\igfxcf32.exe:*:Enabled:xLAN -- (Joey Money Cesar Humid)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Programme\Google\Chrome\Application\chrome.exe" = C:\Programme\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Dokumente und Einstellungen\x\M-1-54-6324-575-5275\winsvc.exe" = C:\Dokumente und Einstellungen\x\M-1-54-6324-575-5275\winsvc.exe:*:Enabled:Microsoft® Windows Security -- ()
"C:\WINDOWS\system32\igfxcf32.exe" = C:\WINDOWS\system32\igfxcf32.exe:*:Enabled:xLAN -- (Joey Money Cesar Humid)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM System für aktiven Festplattenschutz
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi-Software
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"DivX Setup" = DivX-Setup
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Power Management Driver" = IBM ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Installationsprogramm für ThinkPad-Software
"TrainerScout" = TrainerScout
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2012 17:05:55 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:06:51 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:07:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:07:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:08:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:08:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:09:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:09:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:19:03 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:19:03 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
[ Application Events ]
Error - 22.01.2012 17:05:55 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:06:51 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:07:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:07:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:08:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:08:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:09:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:09:53 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:19:03 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
Error - 22.01.2012 17:19:03 | Computer Name = WILLI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mine.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul mine.exe, Version 0.0.0.0, Fehleradresse 0x0002f88c.
 
[ OSession Events ]
Error - 14.02.2011 10:26:12 | Computer Name = WILLI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9294
 seconds with 3960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.01.2012 07:43:48 | Computer Name = WILLI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 22.01.2012 07:45:58 | Computer Name = WILLI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
 auf Anwendungsebene.
 
Error - 22.01.2012 07:45:58 | Computer Name = WILLI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 22.01.2012 07:53:37 | Computer Name = WILLI | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 22.01.2012 08:33:08 | Computer Name = WILLI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 22.01.2012 12:23:25 | Computer Name = WILLI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Vodafone
 Mobile Connect Service.
 
Error - 22.01.2012 12:24:31 | Computer Name = WILLI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 22.01.2012 12:25:28 | Computer Name = WILLI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 22.01.2012 12:25:28 | Computer Name = WILLI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.01.2012 13:39:46 | Computer Name = WILLI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >
--- --- ---

markusg 23.01.2012 12:45
hi
wenn du deinen nutzernamen in den berichten geendert hast, passe ihn im folgendem script an, damit es funktioniert.


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [{C293C995-AC8B-4268-B24B-EE6672B3AA5B}] C:\Dokumente und Einstellungen\x\Anwendungsdaten\Iksa\fura.exe (FileZilla Project)
O4 - HKCU..\Run: [Svchost.exe] C:\Dokumente und Einstellungen\x\Anwendungsdaten\Svchost.exe (Piriform Ltd)
O4 - HKCU..\Run: [Windows Defender] C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe ()
O4 - HKCU..\Run: [Windows NT Login Application] C:\Dokumente und Einstellungen\x\Anwendungsdaten\winlogons.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update--skype.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012.01.22 21:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.01.22 19:50:05 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
 :Files
C:\Dokumente und Einstellungen\x\Anwendungsdaten\Iksa
C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update.exe
C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\update--skype.exe
C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe
C:\Dokumente und Einstellungen\x\Anwendungsdaten\winlogons.exe
C:\Dokumente und Einstellungen\x\Startmenü\Programme\Autostart\svchost.exe
C:\Dokumente und Einstellungen\x\Anwendungsdaten\Svchost.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

wilco 23.01.2012 20:39
hallo markus,

danke für deine hilfe!!!
ich bein computer-fachmann, sondern ein laie und hoffe, dass ich nichts falsch mache (machen kann). also versuche ich das mal, was du mir ratest.

gruß

markusg 23.01.2012 21:11
man kann nichts falsch machen, einfach genau lesen, script kopieren und ausführen und den upload machen :-)

wilco 23.01.2012 22:19
hallo markus,

der upload hat wohl funktioniert... die meldung lautet:

Datei: MovedFiles.zip empfangen

Vorgang erfolgreich abgeschlossen

ist damit jetzt alles behoben?

vielen herzlichen dank für deine mühen und hilfe!!!

markusg 24.01.2012 12:51
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

wilco 24.01.2012 20:28
Combofix Logfile:
Code:
ComboFix 12-01-23.02 - x 24.01.2012  19:28:19.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.502.196 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\x\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\xf9poa4vaz.exe
c:\dokumente und einstellungen\x\Anwendungsdaten\bits
c:\dokumente und einstellungen\x\Anwendungsdaten\bits\files.zip
c:\dokumente und einstellungen\x\Anwendungsdaten\bits\unzip.exe
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\file.zip
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\libcurl-4.dll
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\mine.exe
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\OpenCL.dll
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\phatk110722.cl
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\poclbm110717.cl
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\pthreadGC2-w32.dll
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\unzip.exe
c:\dokumente und einstellungen\x\Anwendungsdaten\bits2\windows.vbs
c:\dokumente und einstellungen\x\Anwendungsdaten\Iksa\fura.exe
c:\dokumente und einstellungen\x\xf9poa4vaz.exe
c:\program files\win32.exe
c:\windows\system32\drivers\5f83e192b9e4b803.sys
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Legacy_SVAJNAG
-------\Service_AMService
-------\Service_SPService
-------\Service_svajnag
-------\Legacy_5f83e192b9e4b803
-------\Service_5f83e192b9e4b803
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-24 bis 2012-01-24  ))))))))))))))))))))))))))))))
.
.
2012-01-23 22:03 . 2012-01-23 22:03        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Vodafone
2012-01-23 21:41 . 2012-01-23 21:42        --------        d-----w-        c:\windows\system32\NtmsData
2012-01-23 20:42 . 2012-01-23 21:12        --------        d-----w-        C:\_OTL
2012-01-22 18:17 . 2012-01-22 18:17        --------        d-----w-        c:\windows\Sun
2012-01-22 12:05 . 2012-01-22 17:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\firebird
2012-01-22 12:05 . 2012-01-22 12:05        --------        d-----w-        c:\dokumente und einstellungen\x\Scoutsystems
2012-01-22 12:05 . 2012-01-22 12:05        --------        d-----w-        c:\programme\TrainerScout
2012-01-22 12:03 . 2012-01-22 12:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2012-01-22 12:02 . 2012-01-22 12:02        472808        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-22 12:02 . 2012-01-22 12:02        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-01-22 12:02 . 2012-01-22 12:02        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-22 12:02 . 2012-01-22 12:02        --------        d-----w-        c:\programme\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 11:19        226816        --sh--w-        c:\windows\system32\igfxcf32.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
uwym.exe [2011-8-27 453312]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
uwym.exe [2011-8-27 453312]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
riaka.exe [2011-8-27 453312]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-11-09 10:53        262144        ----a-w-        c:\windows\system32\QConGina.dll
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^x^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29        937920        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45        35736        ----a-w-        c:\programme\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 19:52        339968        ----a-w-        c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
2004-07-29 08:37        110592        ----a-w-        c:\progra~1\ThinkPad\UTILIT~1\PWRMONIT.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
2004-07-29 08:37        398848        ----a-w-        c:\progra~1\ThinkPad\UTILIT~1\BATINFEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-11-20 21:16        70576        ----a-w-        c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:57        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-09-02 08:05        127035        ----a-w-        c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2003-12-25 09:04        208896        ----a-w-        c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 06:59        126976        ----a-w-        c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54        150016        ----a-w-        c:\programme\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2004-08-06 09:10        442368        ----a-w-        c:\programme\IBM\Messages By IBM\ibmmessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]
2004-03-19 19:12        90112        ----a-w-        c:\ibmtools\utils\ibmprc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 07:03        155648        ----a-w-        c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel Driver Control]
2011-08-14 11:19        226816        --sh--w-        c:\windows\system32\igfxcf32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft® Windows Security]
2011-08-13 17:41        139264        --sh--r-        c:\dokumente und einstellungen\x\M-1-54-6324-575-5275\winsvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 16:48        2412032        ----a-w-        c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 07:58        1667584        ----a-w-        c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
2003-12-04 22:02        123824        ----a-w-        c:\programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCTRAY]
2004-11-09 10:53        712704        ----a-w-        c:\programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]
2004-11-09 10:53        81920        ----a-w-        c:\programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
2001-10-12 05:32        69632        ----a-w-        c:\windows\system32\S3Tray2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-06-16 17:53        512000        ----a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-06-16 17:53        110592        ----a-w-        c:\programme\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
2002-09-04 08:05        53248        ----a-w-        c:\windows\system32\TP4EX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2004-08-17 19:06        94208        ----a-w-        c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2004-02-05 01:39        897024        ----a-w-        c:\programme\ThinkPad\Utilities\TpKmapAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2004-03-27 01:06        102400        ----a-w-        c:\windows\system32\TpShocks.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01        110592        ----a-w-        c:\programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Programme\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Programme\\IBM\\Updater\\ucsmb.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programme\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Dokumente und Einstellungen\\x\\M-1-54-6324-575-5275\\winsvc.exe"=
"c:\\WINDOWS\\system32\\igfxcf32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14347:TCP"= 14347:TCP:spport
"13228:TCP"= 13228:TCP:spport
"28512:TCP"= 28512:TCP:spport
"24761:TCP"= 24761:TCP:spport
"8611:TCP"= 8611:TCP:spport
"9999:TCP"= 9999:TCP:spport
"6565:TCP"= 6565:TCP:spport
"29139:TCP"= 29139:TCP:spport
"23836:TCP"= 23836:TCP:spport
"6377:TCP"= 6377:TCP:spport
"17548:TCP"= 17548:TCP:spport
"12066:TCP"= 12066:TCP:spport
"15995:TCP"= 15995:TCP:spport
"21136:TCP"= 21136:TCP:spport
"13644:TCP"= 13644:TCP:spport
"21393:TCP"= 21393:TCP:spport
"24377:TCP"= 24377:TCP:spport
"17841:TCP"= 17841:TCP:spport
"10407:TCP"= 10407:TCP:spport
"20637:TCP"= 20637:TCP:spport
"20247:TCP"= 20247:TCP:spport
"29292:TCP"= 29292:TCP:spport
"11019:TCP"= 11019:TCP:spport
"13320:TCP"= 13320:TCP:spport
"22612:TCP"= 22612:TCP:spport
"17989:TCP"= 17989:TCP:spport
"10579:TCP"= 10579:TCP:spport
"25386:TCP"= 25386:TCP:spport
"13851:TCP"= 13851:TCP:spport
"15396:TCP"= 15396:TCP:spport
"12832:TCP"= 12832:TCP:spport
"14209:TCP"= 14209:TCP:spport
"6668:TCP"= 6668:TCP:spport
"29176:TCP"= 29176:TCP:spport
"20669:TCP"= 20669:TCP:spport
"5096:TCP"= 5096:TCP:spport
"17012:TCP"= 17012:TCP:spport
"22315:TCP"= 22315:TCP:spport
"12170:TCP"= 12170:TCP:spport
"10908:TCP"= 10908:TCP:spport
"26659:TCP"= 26659:TCP:spport
"23287:TCP"= 23287:TCP:spport
"28378:TCP"= 28378:TCP:spport
"15197:TCP"= 15197:TCP:spport
"29688:TCP"= 29688:TCP:spport
"21410:TCP"= 21410:TCP:spport
"27773:TCP"= 27773:TCP:spport
"23507:TCP"= 23507:TCP:spport
"29469:TCP"= 29469:TCP:spport
"5560:TCP"= 5560:TCP:spport
"12734:TCP"= 12734:TCP:spport
"6075:TCP"= 6075:TCP:spport
"27458:TCP"= 27458:TCP:spport
"27699:TCP"= 27699:TCP:spport
"14807:TCP"= 14807:TCP:spport
"18808:TCP"= 18808:TCP:spport
"11043:TCP"= 11043:TCP:spport
"17594:TCP"= 17594:TCP:spport
"7311:TCP"= 7311:TCP:spport
"14878:TCP"= 14878:TCP:spport
.
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [02.07.2009 20:50 16384]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.08.2011 21:45 136360]
R2 systkmo;systkmo;c:\windows\system32\drivers\systkmo.exe [21.09.2011 23:18 188928]
R2 winfins;winfins;c:\windows\system32\drivers\winfins.exe [21.09.2011 23:18 154624]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.12.2010 22:07 135664]
S2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18.09.2009 17:48 9216]
S3 CFcatchme;CFcatchme;\??\c:\dokume~1\x\LOKALE~1\Temp\CFcatchme.sys --> c:\dokume~1\x\LOKALE~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [12.12.2010 22:07 135664]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [24.02.2003 23:36 802683]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [31.07.2011 09:05 9728]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [02.07.2009 20:48 12288]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [31.07.2011 09:07 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [31.07.2011 09:07 105088]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2009-07-02 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2009-07-02 08:37]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-12 21:07]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-12 21:07]
.
2009-07-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2009-07-02 20:36]
.
2012-01-24 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job
- c:\programme\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 18:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://facebook.com/
mWindow Title = Microsoft Internet Explorer
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\x\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3993537-2F3C-4F38-8847-9547211F1A41}: NameServer = 139.7.30.125,139.7.30.126
FF - ProfilePath - c:\dokumente und einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\uiho2ook.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: WiseStamp: wisestamp@wisestamp.com - %profile%\extensions\wisestamp@wisestamp.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKCU-Run-{C293C995-AC8B-4268-B24B-EE6672B3AA5B} - c:\dokumente und einstellungen\x\Anwendungsdaten\Iksa\fura.exe
HKCU-Run-xf9poa4vaz - c:\dokumente und einstellungen\x\xf9poa4vaz.exe
HKLM-Run-xf9poa4vaz - c:\dokumente und einstellungen\All Users\xf9poa4vaz.exe
HKU-Default-Run-Windows Defender - \winupdate.exe
MSConfigStartUp-DivX Download Manager - c:\programme\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-24 20:03
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: HTS424040M9AT00 rev.MA2IA70A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read  Ein an das System angeschlossenes Gerät funktioniert nicht.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8230A31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(448)
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Norton AntiVirus\navapsvc.exe
c:\windows\System32\QCONSVC.EXE
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RunDll32.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
c:\windows\System32\ping.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-24  20:19:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-24 19:18
ComboFix2.txt  2011-08-17 15:31
.
Vor Suchlauf: 18 Verzeichnis(se), 25.491.451.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 25.725.591.552 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 9A063E784C3FC58EC9BD53840714FAA8
--- --- ---

markusg 24.01.2012 21:45
http://www.trojaner-board.de/82358-t...entfernen.html
ausführen, ergebniss posten

wilco 24.01.2012 22:26
hallo markus,

habe TDSSKiller ausgeführt... dabei wurde ein Fehler gefunden und behoben. Ein Ergebnis / Liste o. ä. habe ich nicht erhalten. Muss ich dabei auf etwas achten?
Herzlichen Dank für Deine Hilfe!!!

markusg 25.01.2012 14:55
das log liegt direkt auf c:
kaspersky tdss killer-version-datum-uhrzeit.txt
du kannst dich aber schon mal drauf einstellen das dein system neu instaliert werden muss :-(

wilco 26.01.2012 14:57
22:01:18.0270 1920 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:01:18.0861 1920 ============================================================
22:01:18.0861 1920 Current date / time: 2012/01/24 22:01:18.0861
22:01:18.0861 1920 SystemInfo:
22:01:18.0861 1920
22:01:18.0861 1920 OS Version: 5.1.2600 ServicePack: 2.0
22:01:18.0861 1920 Product type: Workstation
22:01:18.0861 1920 ComputerName: WILLI
22:01:18.0871 1920 UserName: x
22:01:18.0871 1920 Windows directory: C:\WINDOWS
22:01:18.0871 1920 System windows directory: C:\WINDOWS
22:01:18.0871 1920 Processor architecture: Intel x86
22:01:18.0871 1920 Number of processors: 1
22:01:18.0871 1920 Page size: 0x1000
22:01:18.0871 1920 Boot type: Normal boot
22:01:18.0871 1920 ============================================================
22:01:23.0167 1920 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:01:23.0548 1920 Initialize success
22:01:41.0093 0172 ============================================================
22:01:41.0093 0172 Scan started
22:01:41.0093 0172 Mode: Manual;
22:01:41.0093 0172 ============================================================
22:01:42.0104 0172 Abiosdsk - ok
22:01:42.0775 0172 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
22:01:42.0896 0172 abp480n5 - ok
22:01:43.0556 0172 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
22:01:43.0687 0172 ac97intc - ok
22:01:44.0668 0172 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:45.0069 0172 ACPI - ok
22:01:45.0549 0172 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:01:45.0589 0172 ACPIEC - ok
22:01:46.0160 0172 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
22:01:46.0531 0172 adpu160m - ok
22:01:47.0132 0172 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
22:01:47.0272 0172 aeaudio - ok
22:01:47.0552 0172 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
22:01:47.0632 0172 aec - ok
22:01:48.0023 0172 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:01:48.0083 0172 AFD - ok
22:01:48.0413 0172 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
22:01:48.0484 0172 agp440 - ok
22:01:49.0094 0172 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
22:01:49.0235 0172 agpCPQ - ok
22:01:49.0866 0172 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
22:01:50.0006 0172 Aha154x - ok
22:01:50.0567 0172 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
22:01:50.0607 0172 aic78u2 - ok
22:01:50.0897 0172 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
22:01:50.0947 0172 aic78xx - ok
22:01:51.0167 0172 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
22:01:51.0238 0172 AliIde - ok
22:01:51.0468 0172 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
22:01:51.0528 0172 alim1541 - ok
22:01:51.0808 0172 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
22:01:51.0888 0172 amdagp - ok
22:01:52.0119 0172 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
22:01:52.0189 0172 amsint - ok
22:01:52.0439 0172 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
22:01:52.0509 0172 ANC - ok
22:01:52.0800 0172 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:01:52.0870 0172 Arp1394 - ok
22:01:53.0150 0172 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
22:01:53.0230 0172 asc - ok
22:01:53.0471 0172 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
22:01:53.0541 0172 asc3350p - ok
22:01:53.0751 0172 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
22:01:53.0861 0172 asc3550 - ok
22:01:54.0142 0172 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:54.0162 0172 AsyncMac - ok
22:01:54.0392 0172 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:54.0402 0172 atapi - ok
22:01:54.0602 0172 Atdisk - ok
22:01:54.0713 0172 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:01:54.0903 0172 ati2mtag - ok
22:01:55.0143 0172 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:55.0243 0172 Atmarpc - ok
22:01:55.0474 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:55.0554 0172 audstub - ok
22:01:55.0714 0172 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
22:01:55.0824 0172 avgio - ok
22:01:56.0074 0172 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:01:56.0115 0172 avgntflt - ok
22:01:56.0345 0172 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:01:56.0435 0172 avipbb - ok
22:01:56.0655 0172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:01:56.0675 0172 Beep - ok
22:01:56.0705 0172 catchme - ok
22:01:56.0986 0172 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
22:01:57.0056 0172 cbidf - ok
22:01:57.0256 0172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:57.0266 0172 cbidf2k - ok
22:01:57.0507 0172 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
22:01:57.0567 0172 cd20xrnt - ok
22:01:57.0797 0172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:57.0847 0172 Cdaudio - ok
22:01:58.0117 0172 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:58.0137 0172 Cdfs - ok
22:01:58.0378 0172 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:58.0448 0172 Cdrom - ok
22:01:58.0598 0172 CFcatchme - ok
22:01:58.0808 0172 Changer - ok
22:01:59.0129 0172 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:01:59.0179 0172 CmBatt - ok
22:01:59.0409 0172 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\System32\DRIVERS\cmdide.sys
22:01:59.0489 0172 CmdIde - ok
22:01:59.0740 0172 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:01:59.0760 0172 Compbatt - ok
22:02:00.0060 0172 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
22:02:00.0130 0172 Cpqarray - ok
22:02:00.0381 0172 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
22:02:00.0491 0172 dac2w2k - ok
22:02:00.0701 0172 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
22:02:00.0761 0172 dac960nt - ok
22:02:01.0042 0172 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:02:01.0062 0172 Disk - ok
22:02:01.0332 0172 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
22:02:01.0442 0172 dmboot - ok
22:02:01.0683 0172 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
22:02:01.0823 0172 dmio - ok
22:02:02.0033 0172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:02:02.0093 0172 dmload - ok
22:02:02.0354 0172 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:02:02.0434 0172 DMusic - ok
22:02:02.0654 0172 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
22:02:02.0714 0172 dpti2o - ok
22:02:02.0994 0172 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:02:03.0044 0172 drmkaud - ok
22:02:03.0285 0172 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
22:02:03.0325 0172 drvmcdb - ok
22:02:03.0565 0172 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
22:02:03.0605 0172 drvnddm - ok
22:02:03.0876 0172 E1000 (8179a01475f75417011e27e322c7e0e3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
22:02:03.0976 0172 E1000 - ok
22:02:04.0216 0172 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:02:04.0256 0172 E100B - ok
22:02:04.0406 0172 EGATHDRV (7f220875288944c9c7856e2bc8613b1f) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
22:02:04.0426 0172 EGATHDRV - ok
22:02:04.0597 0172 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:02:04.0677 0172 Fastfat - ok
22:02:05.0027 0172 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:02:05.0107 0172 Fdc - ok
22:02:05.0328 0172 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
22:02:05.0388 0172 Fips - ok
22:02:05.0598 0172 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:02:05.0658 0172 Flpydisk - ok
22:02:05.0919 0172 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
22:02:05.0959 0172 FltMgr - ok
22:02:06.0189 0172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:02:06.0249 0172 Fs_Rec - ok
22:02:06.0489 0172 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:02:06.0519 0172 Ftdisk - ok
22:02:06.0760 0172 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:02:06.0920 0172 Gpc - ok
22:02:07.0190 0172 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
22:02:07.0271 0172 hpn - ok
22:02:07.0491 0172 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:02:07.0561 0172 HPZid412 - ok
22:02:07.0781 0172 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:02:07.0861 0172 HPZipr12 - ok
22:02:08.0092 0172 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:02:08.0162 0172 HPZius12 - ok
22:02:08.0402 0172 HSFHWICH (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
22:02:08.0452 0172 HSFHWICH - ok
22:02:08.0743 0172 HSF_DP (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:02:08.0953 0172 HSF_DP - ok
22:02:09.0193 0172 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
22:02:09.0243 0172 HTTP - ok
22:02:09.0494 0172 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:02:09.0544 0172 i2omgmt - ok
22:02:09.0834 0172 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
22:02:09.0894 0172 i2omp - ok
22:02:10.0175 0172 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:02:10.0255 0172 i8042prt - ok
22:02:10.0896 0172 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:02:11.0116 0172 ialm - ok
22:02:11.0366 0172 ibmfilter (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
22:02:11.0457 0172 ibmfilter - ok
22:02:11.0677 0172 IBMPMDRV (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
22:02:11.0747 0172 IBMPMDRV - ok
22:02:12.0047 0172 IBMTPCHK (e4fa96158a283618a0e1807bfdc12230) C:\WINDOWS\system32\drivers\IBMBLDID.SYS
22:02:12.0108 0172 IBMTPCHK - ok
22:02:12.0368 0172 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:02:12.0448 0172 Imapi - ok
22:02:12.0658 0172 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
22:02:12.0728 0172 ini910u - ok
22:02:12.0999 0172 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\System32\DRIVERS\intelide.sys
22:02:13.0049 0172 IntelIde - ok
22:02:13.0299 0172 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:02:13.0329 0172 intelppm - ok
22:02:13.0570 0172 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
22:02:13.0600 0172 ip6fw - ok
22:02:13.0820 0172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:02:13.0910 0172 IpFilterDriver - ok
22:02:14.0201 0172 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:02:14.0261 0172 IpInIp - ok
22:02:14.0501 0172 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:02:14.0551 0172 IpNat - ok
22:02:14.0811 0172 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:02:14.0851 0172 IPSec - ok
22:02:15.0092 0172 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
22:02:15.0182 0172 irda - ok
22:02:15.0412 0172 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:02:15.0472 0172 IRENUM - ok
22:02:15.0723 0172 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:02:15.0743 0172 isapnp - ok
22:02:16.0043 0172 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:02:16.0073 0172 Kbdclass - ok
22:02:16.0304 0172 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
22:02:16.0384 0172 kmixer - ok
22:02:16.0604 0172 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
22:02:16.0654 0172 KSecDD - ok
22:02:16.0914 0172 lbrtfdc - ok
22:02:17.0215 0172 LucentSoftModem (dd226891303d5118648ad4b911f37822) C:\WINDOWS\system32\DRIVERS\LTSM.sys
22:02:17.0325 0172 LucentSoftModem - ok
22:02:17.0545 0172 massfilter (112db6314bb175ba5f27a66e11c01d77) C:\WINDOWS\system32\DRIVERS\massfilter.sys
22:02:17.0595 0172 massfilter - ok
22:02:17.0836 0172 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:02:17.0896 0172 mdmxsdk - ok
22:02:18.0186 0172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:02:18.0226 0172 mnmdd - ok
22:02:18.0467 0172 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
22:02:18.0497 0172 Modem - ok
22:02:18.0747 0172 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:02:18.0797 0172 Mouclass - ok
22:02:19.0048 0172 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:02:19.0078 0172 MountMgr - ok
22:02:19.0288 0172 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
22:02:19.0368 0172 mraid35x - ok
22:02:19.0598 0172 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:02:19.0658 0172 MRxDAV - ok
22:02:19.0929 0172 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:02:19.0979 0172 MRxSmb - ok
22:02:20.0209 0172 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:02:20.0229 0172 Msfs - ok
22:02:20.0470 0172 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:02:20.0520 0172 MSKSSRV - ok
22:02:20.0750 0172 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:02:20.0850 0172 MSPCLOCK - ok
22:02:21.0181 0172 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:02:21.0231 0172 MSPQM - ok
22:02:21.0471 0172 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:02:21.0501 0172 mssmbios - ok
22:02:21.0731 0172 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:02:21.0771 0172 Mup - ok
22:02:22.0102 0172 NAVENG (c3fddf2cb92d3254583d47da54af598c) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040801.016\NAVENG.Sys
22:02:22.0122 0172 NAVENG - ok
22:02:22.0312 0172 NAVEX15 (824128cade302794827af8472a6a1f5c) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040801.016\NavEx15.Sys
22:02:22.0362 0172 NAVEX15 - ok
22:02:22.0603 0172 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:02:22.0643 0172 NDIS - ok
22:02:22.0893 0172 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:02:22.0953 0172 NdisTapi - ok
22:02:23.0224 0172 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:02:23.0274 0172 Ndisuio - ok
22:02:23.0514 0172 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:02:23.0584 0172 NdisWan - ok
22:02:23.0844 0172 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:02:23.0915 0172 NDProxy - ok
22:02:24.0205 0172 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:02:24.0235 0172 NetBIOS - ok
22:02:24.0465 0172 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:02:24.0535 0172 NetBT - ok
22:02:24.0836 0172 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:02:24.0956 0172 NIC1394 - ok
22:02:25.0246 0172 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:02:25.0276 0172 Npfs - ok
22:02:25.0507 0172 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
22:02:25.0567 0172 NSCIRDA - ok
22:02:25.0897 0172 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:02:25.0957 0172 Ntfs - ok
22:02:26.0228 0172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:02:26.0248 0172 Null - ok
22:02:26.0468 0172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:02:26.0548 0172 NwlnkFlt - ok
22:02:26.0779 0172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:02:26.0909 0172 NwlnkFwd - ok
22:02:27.0209 0172 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:02:27.0239 0172 ohci1394 - ok
22:02:27.0500 0172 P3 (118c1004e38fddb5f832a182e6ef6f40) C:\WINDOWS\system32\DRIVERS\p3.sys
22:02:27.0560 0172 P3 - ok
22:02:27.0820 0172 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
22:02:27.0890 0172 Parport - ok
22:02:28.0131 0172 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:02:28.0161 0172 PartMgr - ok
22:02:28.0371 0172 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:02:28.0441 0172 ParVdm - ok
22:02:28.0671 0172 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
22:02:28.0701 0172 PCI - ok
22:02:28.0902 0172 PCIDump - ok
22:02:28.0972 0172 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:02:28.0992 0172 PCIIde - ok
22:02:29.0242 0172 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:02:29.0272 0172 Pcmcia - ok
22:02:29.0462 0172 PDCOMP - ok
22:02:29.0483 0172 PDFRAME - ok
22:02:29.0513 0172 PDRELI - ok
22:02:29.0533 0172 PDRFRAME - ok
22:02:29.0593 0172 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
22:02:29.0653 0172 perc2 - ok
22:02:29.0903 0172 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
22:02:29.0953 0172 perc2hib - ok
22:02:30.0204 0172 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
22:02:30.0264 0172 PMEM - ok
22:02:30.0554 0172 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:30.0604 0172 PptpMiniport - ok
22:02:30.0864 0172 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
22:02:30.0935 0172 Processor - ok
22:02:31.0195 0172 psadd (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
22:02:31.0255 0172 psadd - ok
22:02:31.0515 0172 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:31.0576 0172 PSched - ok
22:02:31.0796 0172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:31.0956 0172 Ptilink - ok
22:02:32.0226 0172 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:02:32.0257 0172 PxHelp20 - ok
22:02:32.0477 0172 QCNDISIF (2feb0da5705df73ef15027512b998223) C:\WINDOWS\system32\drivers\qcndisif.SYS
22:02:32.0517 0172 QCNDISIF - ok
22:02:32.0737 0172 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
22:02:32.0817 0172 ql1080 - ok
22:02:33.0048 0172 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
22:02:33.0118 0172 Ql10wnt - ok
22:02:33.0358 0172 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
22:02:33.0428 0172 ql12160 - ok
22:02:33.0649 0172 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
22:02:33.0729 0172 ql1240 - ok
22:02:33.0969 0172 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
22:02:34.0029 0172 ql1280 - ok
22:02:34.0239 0172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:34.0289 0172 RasAcd - ok
22:02:34.0530 0172 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:02:34.0600 0172 Rasirda - ok
22:02:34.0810 0172 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:34.0900 0172 Rasl2tp - ok
22:02:35.0171 0172 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:35.0251 0172 RasPppoe - ok
22:02:35.0481 0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:35.0541 0172 Raspti - ok
22:02:35.0792 0172 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:35.0842 0172 Rdbss - ok
22:02:36.0092 0172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:02:36.0142 0172 RDPCDD - ok
22:02:36.0422 0172 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:02:36.0513 0172 rdpdr - ok
22:02:36.0743 0172 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
22:02:36.0783 0172 RDPWD - ok
22:02:37.0073 0172 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:02:37.0134 0172 redbook - ok
22:02:37.0454 0172 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:02:37.0524 0172 s24trans - ok
22:02:37.0754 0172 S3SSavage (a94aa8161dd4711bc6f732f21d6407d6) C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
22:02:37.0814 0172 S3SSavage - ok
22:02:37.0985 0172 SAVRT (7a1dcba368dacb5ca41e40f97f43aaa8) C:\Programme\Norton AntiVirus\SAVRT.SYS
22:02:38.0135 0172 SAVRT - ok
22:02:38.0275 0172 SAVRTPEL (395df1ccad06b8d47f2d78c2d78f4cd5) C:\Programme\Norton AntiVirus\SAVRTPEL.SYS
22:02:38.0355 0172 SAVRTPEL - ok
22:02:38.0606 0172 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:02:38.0616 0172 Secdrv - ok
22:02:38.0866 0172 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:02:38.0906 0172 serenum - ok
22:02:39.0146 0172 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
22:02:39.0217 0172 Serial - ok
22:02:39.0477 0172 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:02:39.0527 0172 Sfloppy - ok
22:02:39.0767 0172 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
22:02:39.0827 0172 ShockMgr - ok
22:02:40.0088 0172 Shockprf (3d593b089133f134f52d6de29b0d058b) C:\WINDOWS\system32\drivers\Shockprf.sys
22:02:40.0138 0172 Shockprf - ok
22:02:40.0328 0172 Simbad - ok
22:02:40.0388 0172 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
22:02:40.0468 0172 sisagp - ok
22:02:40.0709 0172 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
22:02:40.0789 0172 Smapint - ok
22:02:41.0089 0172 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
22:02:41.0169 0172 smwdm - ok
22:02:41.0410 0172 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
22:02:41.0470 0172 Sparrow - ok
22:02:41.0690 0172 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
22:02:41.0710 0172 splitter - ok
22:02:42.0041 0172 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
22:02:42.0101 0172 sr - ok
22:02:42.0361 0172 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
22:02:42.0401 0172 Srv - ok
22:02:42.0641 0172 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
22:02:42.0661 0172 sscdbhk5 - ok
22:02:42.0942 0172 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:02:43.0002 0172 ssmdrv - ok
22:02:43.0252 0172 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
22:02:43.0282 0172 ssrtln - ok
22:02:43.0523 0172 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:02:43.0573 0172 swenum - ok
22:02:43.0823 0172 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:02:43.0913 0172 swmidi - ok
22:02:44.0224 0172 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
22:02:44.0284 0172 symc810 - ok
22:02:44.0504 0172 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
22:02:44.0564 0172 symc8xx - ok
22:02:44.0744 0172 SymEvent (05d9613efe7809e384c10da26958dfa4) C:\Programme\Symantec\SYMEVENT.SYS
22:02:44.0815 0172 SymEvent - ok
22:02:45.0045 0172 SYMREDRV (dbe4567ae5ec33ff4f0865c4d47d3070) C:\WINDOWS\system32\Drivers\SYMREDRV.SYS
22:02:45.0095 0172 SYMREDRV - ok
22:02:45.0345 0172 SYMTDI (9b3d8b13ca77ddad85404ad34e649123) C:\WINDOWS\system32\Drivers\SYMTDI.SYS
22:02:45.0435 0172 SYMTDI - ok
22:02:45.0666 0172 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
22:02:45.0736 0172 sym_hi - ok
22:02:46.0076 0172 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
22:02:46.0136 0172 sym_u3 - ok
22:02:46.0397 0172 SynTP (9f21fcb5a5bbc7d730018f6b61f638cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:02:46.0457 0172 SynTP - ok
22:02:46.0687 0172 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:02:46.0747 0172 sysaudio - ok
22:02:47.0148 0172 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:02:47.0218 0172 Tcpip - ok
22:02:47.0448 0172 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:02:47.0488 0172 TDPIPE - ok
22:02:47.0729 0172 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
22:02:47.0799 0172 TDSMAPI - ok
22:02:48.0029 0172 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:02:48.0099 0172 TDTCP - ok
22:02:48.0330 0172 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:02:48.0390 0172 TermDD - ok
22:02:48.0600 0172 tfsnboio (1797f3375b4bf20e81d69ac8b11445b5) C:\WINDOWS\system32\dla\tfsnboio.sys
22:02:48.0660 0172 tfsnboio - ok
22:02:48.0890 0172 tfsncofs (019ba601cb71a71143aed94f2db26250) C:\WINDOWS\system32\dla\tfsncofs.sys
22:02:48.0951 0172 tfsncofs - ok
22:02:49.0201 0172 tfsndrct (87269d7fa6df7ef84b83bf5b0d2e031c) C:\WINDOWS\system32\dla\tfsndrct.sys
22:02:49.0241 0172 tfsndrct - ok
22:02:49.0421 0172 tfsndres (b4fb34f46971e56ccd8b8ac6936add58) C:\WINDOWS\system32\dla\tfsndres.sys
22:02:49.0471 0172 tfsndres - ok
22:02:49.0652 0172 tfsnifs (2a144ec7557efb9758d1c121688ebaf5) C:\WINDOWS\system32\dla\tfsnifs.sys
22:02:49.0732 0172 tfsnifs - ok
22:02:49.0912 0172 tfsnopio (1aa2c61a846efbc200703e8dc250297f) C:\WINDOWS\system32\dla\tfsnopio.sys
22:02:49.0972 0172 tfsnopio - ok
22:02:50.0172 0172 tfsnpool (b3b0b6616cae23ab1a4a5898ca6d5552) C:\WINDOWS\system32\dla\tfsnpool.sys
22:02:50.0222 0172 tfsnpool - ok
22:02:50.0433 0172 tfsnudf (1614a1e396f296138d3fb1728f385e0b) C:\WINDOWS\system32\dla\tfsnudf.sys
22:02:50.0543 0172 tfsnudf - ok
22:02:50.0753 0172 tfsnudfa (e5d5b8dde8c221fedc88680631294155) C:\WINDOWS\system32\dla\tfsnudfa.sys
22:02:50.0823 0172 tfsnudfa - ok
22:02:51.0044 0172 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\System32\DRIVERS\toside.sys
22:02:51.0114 0172 TosIde - ok
22:02:51.0344 0172 TPHKDRV (a7c9656b3cac47a9f786aae88259d8b9) C:\WINDOWS\system32\drivers\TPHKDRV.sys
22:02:51.0414 0172 TPHKDRV - ok
22:02:51.0674 0172 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
22:02:51.0745 0172 TPPWR - ok
22:02:52.0025 0172 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
22:02:52.0115 0172 TSMAPIP - ok
22:02:52.0335 0172 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
22:02:52.0375 0172 TwoTrack - ok
22:02:52.0616 0172 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:02:52.0686 0172 Udfs - ok
22:02:52.0936 0172 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
22:02:53.0026 0172 ultra - ok
22:02:53.0277 0172 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:02:53.0317 0172 Update - ok
22:02:53.0547 0172 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:02:53.0627 0172 usbccgp - ok
22:02:53.0878 0172 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:02:53.0928 0172 usbehci - ok
22:02:54.0178 0172 usbhub (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:02:54.0238 0172 usbhub - ok
22:02:54.0438 0172 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:02:54.0508 0172 usbprint - ok
22:02:54.0749 0172 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:02:54.0809 0172 usbscan - ok
22:02:55.0059 0172 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:02:55.0129 0172 USBSTOR - ok
22:02:55.0350 0172 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:02:55.0390 0172 usbuhci - ok
22:02:55.0620 0172 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:02:55.0680 0172 VgaSave - ok
22:02:55.0971 0172 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
22:02:56.0031 0172 viaagp - ok
22:02:56.0251 0172 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
22:02:56.0331 0172 ViaIde - ok
22:02:56.0571 0172 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
22:02:56.0602 0172 VolSnap - ok
22:02:57.0172 0172 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:02:57.0463 0172 w29n51 - ok
22:02:57.0703 0172 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:02:57.0773 0172 Wanarp - ok
22:02:57.0994 0172 WDICA - ok
22:02:58.0084 0172 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:02:58.0164 0172 wdmaud - ok
22:02:58.0464 0172 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:02:58.0574 0172 winachsf - ok
22:02:58.0905 0172 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:02:58.0965 0172 WS2IFSL - ok
22:02:59.0245 0172 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
22:02:59.0315 0172 ZTEusbmdm6k - ok
22:02:59.0546 0172 ZTEusbnet (d788e7d89cc491644d7a45b227f9b25e) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
22:02:59.0626 0172 ZTEusbnet - ok
22:02:59.0846 0172 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
22:02:59.0886 0172 ZTEusbnmea - ok
22:03:00.0167 0172 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
22:03:00.0207 0172 ZTEusbser6k - ok
22:03:00.0447 0172 ZTEusbvoice (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
22:03:00.0487 0172 ZTEusbvoice - ok
22:03:00.0547 0172 MBR (0x1B8) (6154012dd9c92dc2ec6a220ca6039fd8) \Device\Harddisk0\DR0
22:03:00.0547 0172 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:03:00.0547 0172 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
22:03:00.0557 0172 Boot (0x1200) (6b4c436bc7942951d9b582f14920c097) \Device\Harddisk0\DR0\Partition0
22:03:00.0557 0172 \Device\Harddisk0\DR0\Partition0 - ok
22:03:00.0567 0172 ============================================================
22:03:00.0567 0172 Scan finished
22:03:00.0567 0172 ============================================================
22:03:00.0597 2080 Detected object count: 1
22:03:00.0597 2080 Actual detected object count: 1
22:03:15.0118 2080 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
22:03:15.0118 2080 \Device\Harddisk0\DR0 - ok
22:03:15.0118 2080 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
22:03:35.0908 2884 Deinitialize success

markusg 26.01.2012 16:05
ok,
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:45 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131