Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Tool auf meinem Rechner (https://www.trojaner-board.de/96661-system-tool-meinem-rechner.html)

Gargamel456 21.03.2011 03:39
System Tool auf meinem Rechner
 
Liebe Helfer,

vor kurzem wurde mein Rechner mit der System Tool Malware befallen, die Symtome waren genau wie hier beschrieben:

http://www.trojaner-board.de/92246-s...entfernen.html

Ich bin auch die Anleitung wie beschrieben durchgegangen um das Tool wieder vom Rechner zu entfernen, der läuft jetzt wieder einwandfrei, evtl. braucht er etwas langsamer zum hochfahren und beim ausführen von programmen, da bin ich mir aber nicht ganz sicher. Das ganze ist schon fast 2 wochen her, da die symptome zuerst beseitigt schienen, habe ich vergessen seitdem hier ein Thema zu posten. Ich hoffe dennoch, dass sich noch einmal jemand anschaut, ob jetzt alles sauber ist.

Hier ist das Malwarebytes Logfile, das bei der Löschung vom System tool erstellt wurde (vollständiger suchlauf):

HTML-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5996

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

08.03.2011 22:39:53
mbam-log-2011-03-08 (22-39-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 217868
Laufzeit: 27 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 18
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460AC4DB-B0DE-4626-A0F0-175DD84DCB9B} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kNhPnLo15406 (Trojan.FakeAlert) -> Value: kNhPnLo15406 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\knhpnlo15406\knhpnlo15406.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\jana\lokale einstellungen\temporary internet files\Content.IE5\8PWAUA85\about[1].exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.
Heute habe ich nochmal einen Quick-Scan durchgeführt:

HTML-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6113

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

20.03.2011 18:10:37
mbam-log-2011-03-20 (18-10-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153682
Laufzeit: 11 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Hier sind ausserdem noch die Logdateien von OTL, auch von heute:

HTML-Code:
OTL logfile created on: 20.03.2011 19:17:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\jana\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,00 Mb Total Physical Memory | 133,00 Mb Available Physical Memory | 26,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,83 Gb Total Space | 17,25 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
 
Computer Name: URMEL | User Name: jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Dokumente und Einstellungen\jana\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\vspc1330.exe (Sonix)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
PRC - C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
PRC - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
PRC - C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Dokumente und Einstellungen\jana\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (PsaSrv) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IBM Rapid Restore Ultra Service) -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\WINDOWS\system32\drivers\spc1330.sys ()
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (phaudlwr) -- C:\WINDOWS\system32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Windows (R) 2000 DDK provider)
DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (QCNDISIF) -- C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.10 23:55:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 00:19:08 | 000,000,000 | ---D | M]
 
[2010.04.25 04:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Extensions
[2010.12.20 13:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\8ncif1yv.default\extensions
[2008.07.03 13:09:45 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\8ncif1yv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.11.28 11:29:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\8ncif1yv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2005.12.30 06:27:02 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\8ncif1yv.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.03.20 10:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\ghgdxae3.default\extensions
[2010.12.20 14:02:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\ghgdxae3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.26 15:18:45 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Mozilla\Firefox\Profiles\ghgdxae3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.03.20 10:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.13 14:30:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.13 14:30:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.18 02:42:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 02:42:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.18 02:42:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.18 02:42:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.18 02:42:49 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FC4FAA08-82BE-48A5-921F-1C50AFBA82E0} -  File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Programme\ThinkPad\Utilities\BATINFEX.DLL (IBM Corp.)
O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PLF1330] C:\WINDOWS\PLF1330.exe (sonix)
O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [spc1330] C:\WINDOWS\vspc1330.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_SMB]  File not found
O4 - HKLM..\Run: [UC_Start] C:\Programme\IBM\Updater\\ucstartup.exe ()
O4 - HKCU..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\jana\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O15 - HKCU\..Trusted Domains:  ([]msn in Arbeitsplatz)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\jana\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\jana\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.28 17:26:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell - "" = AutoRun
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011.03.08 23:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Malwarebytes
[2011.03.08 23:08:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.08 23:08:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.08 23:08:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.08 23:08:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.08 23:08:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.07 23:43:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406
[2011.03.03 11:25:36 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011.01.12 23:42:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\cspc1330.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011.03.20 13:29:33 | 000,020,011 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Ausgaben Kosten.ods
[2011.03.20 13:13:13 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.03.20 12:25:01 | 000,350,272 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\la_marathon_map_2011.jpg
[2011.03.20 12:00:02 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2011.03.20 09:56:40 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.03.20 09:54:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.20 09:54:57 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.19 19:51:32 | 000,516,267 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\9saturday.pdf
[2011.03.18 23:34:44 | 000,018,778 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Kalender Praktikum.ods
[2011.03.18 21:28:16 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.18 21:24:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.14 23:49:55 | 000,015,779 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Los Angeles Sightseeing.ods
[2011.03.14 21:33:22 | 000,041,685 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\GfK_GeoMarketing_RealEstateConsultant.pdf
[2011.03.13 03:39:17 | 000,009,876 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Als Reicher Wohnen.ods
[2011.03.09 00:13:05 | 000,000,130 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\hosts-perm.bat
[2011.03.08 23:08:32 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 12:10:12 | 000,036,127 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Video call snapshot 11.png
[2011.03.03 16:41:09 | 000,121,397 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\20110325_KLINGENSCHMIDT_66WK36.pdf
[2011.03.02 17:12:24 | 006,800,422 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Bess-and-the-Mess.pdf
[2011.02.25 21:32:46 | 000,070,293 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Amtrak - Reservations - Con..pdf
[2011.02.25 02:20:37 | 000,070,775 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\Amtrak - Reservierungen - Bestätigung.pdf
[2011.02.20 20:10:49 | 000,910,279 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\SKMBT_C25311022018510.pdf
[2011.02.18 22:38:03 | 000,877,884 | ---- | M] () -- C:\Dokumente und Einstellungen\jana\Desktop\720.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.03.20 12:24:55 | 000,350,272 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\la_marathon_map_2011.jpg
[2011.03.19 19:51:32 | 000,516,267 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\9saturday.pdf
[2011.03.14 21:33:22 | 000,041,685 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\GfK_GeoMarketing_RealEstateConsultant.pdf
[2011.03.09 00:33:08 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.09 00:13:05 | 000,000,130 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\hosts-perm.bat
[2011.03.08 23:08:32 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 12:10:07 | 000,036,127 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Video call snapshot 11.png
[2011.03.04 10:34:57 | 000,020,011 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Ausgaben Kosten.ods
[2011.03.03 16:41:06 | 000,121,397 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\20110325_KLINGENSCHMIDT_66WK36.pdf
[2011.03.02 20:29:58 | 000,009,876 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Als Reicher Wohnen.ods
[2011.03.02 17:12:24 | 006,800,422 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Bess-and-the-Mess.pdf
[2011.02.25 21:32:43 | 000,070,293 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Amtrak - Reservations - Con..pdf
[2011.02.25 02:20:32 | 000,070,775 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\Amtrak - Reservierungen - Bestätigung.pdf
[2011.02.20 20:10:37 | 000,910,279 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\SKMBT_C25311022018510.pdf
[2011.02.18 22:38:03 | 000,877,884 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Desktop\720.pdf
[2011.01.26 23:13:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011.01.12 23:42:19 | 003,002,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\spc1330.sys
[2011.01.12 23:42:19 | 000,851,968 | ---- | C] () -- C:\WINDOWS\System32\Dll_Volume_Ctrl.dll
[2011.01.12 23:42:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\spc1330c.sys
[2011.01.12 23:42:19 | 000,015,497 | ---- | C] () -- C:\WINDOWS\spc1330.ini
[2010.12.09 22:27:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.29 05:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.05.22 12:50:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.21 14:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 14:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.10.22 12:36:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008.03.29 14:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007.10.13 05:08:34 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.10.09 14:12:36 | 000,070,407 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2007.10.09 14:12:36 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2007.04.30 15:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006.10.18 10:36:45 | 000,593,938 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006.10.18 10:36:44 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.10.18 10:36:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.10.18 10:36:42 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.10.18 10:17:36 | 000,088,064 | ---- | C] () -- C:\Dokumente und Einstellungen\jana\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.14 14:43:54 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.02 14:17:47 | 000,000,722 | ---- | C] () -- C:\WINDOWS\mamba.ini
[2005.12.30 07:44:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.30 06:27:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005.12.30 06:26:57 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005.12.30 06:26:44 | 000,003,996 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005.11.05 08:27:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.05 08:26:42 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2005.11.05 08:25:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2005.11.05 08:24:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005.11.05 08:24:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005.11.05 08:24:14 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2005.11.05 08:20:29 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2005.11.05 08:12:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.05 08:12:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.11.05 08:12:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.11.05 08:12:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.11.05 08:12:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.11.05 08:12:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.11.05 08:12:25 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.11.05 08:05:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2005.11.05 08:05:11 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2005.11.05 08:03:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2005.11.05 08:03:29 | 000,114,688 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2005.11.05 07:47:32 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.11.08 18:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.03.19 13:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004.03.19 13:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004.01.09 07:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003.02.24 15:43:09 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.02.24 15:36:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003.02.24 15:28:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003.02.24 15:21:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.02.24 15:20:28 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002.01.21 16:48:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001.08.23 08:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001.08.23 08:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1998.10.10 15:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1980.01.01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980.01.01 01:00:00 | 000,462,896 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980.01.01 01:00:00 | 000,444,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980.01.01 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980.01.01 01:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980.01.01 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980.01.01 01:00:00 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980.01.01 01:00:00 | 000,085,740 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980.01.01 01:00:00 | 000,072,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980.01.01 01:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980.01.01 01:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980.01.01 01:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980.01.01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980.01.01 01:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980.01.01 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980.01.01 01:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[1980.01.01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980.01.01 01:00:00 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980.01.01 01:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980.01.01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.12.21 18:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2005.11.05 08:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm
[2011.03.08 23:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406
[2006.02.01 15:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\.BitTornado
[2010.12.20 12:43:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\DVDVideoSoft
[2010.11.28 11:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\DVDVideoSoftIEHelpers
[2005.12.28 19:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\IBM
[2005.12.30 07:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\ICQLite
[2005.12.28 04:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\InterVideo
[2011.01.02 00:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\OpenOffice.org
[2006.07.25 04:56:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\Samsung
[2009.08.22 02:49:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\jana\Anwendungsdaten\TeamViewer
[2005.11.05 08:26:48 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >
HTML-Code:
OTL Extras logfile created on: 20.03.2011 19:17:31 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\jana\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,00 Mb Total Physical Memory | 133,00 Mb Available Physical Memory | 26,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,83 Gb Total Space | 17,25 Gb Free Space | 52,55% Space Free | Partition Type: NTFS
 
Computer Name: URMEL | User Name: jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM)
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher  -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher  -- (IBM)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM)
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher  -- (IBM)
"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher  -- (IBM)
"C:\Programme\BitTornado\btdownloadgui.exe" = C:\Programme\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
"C:\Programme\BearShare\BearShare.exe" = C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor für Windows
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E9D9F7-2B77-11D6-AAEC-0004769EEFEB}" = Bubble Ball
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blobs" = Blobs
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EasyEject Utility" = Dienstprogramm 'IBM ThinkPad EasyEject'
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.7
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.77 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"PlexUtil" = SmartPack 1.19.0
"Power Features" = IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Power Tools_is1" = Power Tools 1.05
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"ThinkPad Configuration" = IBM ThinkPad-Konfiguration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Installationsprogramm für ThinkPad-Software
"TrackPoint" = IBM TrackPoint Support
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 02.03.2011 20:55:48 | Computer Name = URMEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4066,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x0000100b.
 
Error - 03.03.2011 01:08:59 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung soffice.bin, Version 3.2.9498.500, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.03.2011 01:09:01 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung soffice.bin, Version 3.2.9498.500, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.03.2011 01:09:01 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung soffice.bin, Version 3.2.9498.500, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 11.03.2011 03:20:02 | Computer Name = URMEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x0000100b.
 
Error - 13.03.2011 00:50:52 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4079, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.03.2011 00:50:58 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.4079, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 13.03.2011 00:51:31 | Computer Name = URMEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4079,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x0000100b.
 
Error - 20.03.2011 22:16:50 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.03.2011 22:16:50 | Computer Name = URMEL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.22.3, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 17.03.2011 21:27:58 | Computer Name = URMEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  Cdrom  Imapi  redbook  Smapint
 
Error - 17.03.2011 21:28:23 | Computer Name = URMEL | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
die
 IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der die Adressen
 DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die IP-Adresse mit
 einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses  Bereichs
 liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 19.03.2011 00:24:41 | Computer Name = URMEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  Cdrom  Imapi  redbook  Smapint
 
Error - 19.03.2011 00:25:09 | Computer Name = URMEL | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
die
 IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der die Adressen
 DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die IP-Adresse mit
 einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses  Bereichs
 liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 19.03.2011 22:43:18 | Computer Name = URMEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  Cdrom  Imapi  redbook  Smapint
 
Error - 19.03.2011 22:43:41 | Computer Name = URMEL | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
die
 IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der die Adressen
 DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die IP-Adresse mit
 einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses  Bereichs
 liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 20.03.2011 12:55:27 | Computer Name = URMEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  Cdrom  Imapi  redbook  Smapint
 
Error - 20.03.2011 12:56:40 | Computer Name = URMEL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HTTP-SSL.
 
Error - 20.03.2011 12:56:40 | Computer Name = URMEL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HTTP-SSL" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
Error - 20.03.2011 12:56:40 | Computer Name = URMEL | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.2 deaktiviert, da
die
 IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der die Adressen
 DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die IP-Adresse mit
 einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses  Bereichs
 liegt, um die DHCP-Zuweisung zu aktivieren.
 
 
< End of report >
Vielen Dank und beste Grüße
Gargamel

P.S.
Email etc. habe ich seitdem schon wieder benutzt, auf Online Banking aber verzichtet. Was meint ihr dazu?

cosinus 21.03.2011 10:42
Hi,

bitte Malwarebytes updaten und einen Vollscan machen. Der letzte Vollscan liegt schon 2 Wochen zurück.

Gargamel456 22.03.2011 07:35
Alles klar, hier das logfile:

HTML-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6127

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.03.2011 23:31:02
mbam-log-2011-03-21 (23-31-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 209315
Laufzeit: 1 Stunde(n), 34 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 22.03.2011 11:16
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2011.03.08 23:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406
[2011.03.07 23:43:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.28 17:26:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell - "" = AutoRun
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O4 - HKLM..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Gargamel456 23.03.2011 07:40
Alles klar, erledigt. Hier das logfile von OTL:

HTML-Code:
All processes killed
========== OTL ==========
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kNhPnLo15406\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ae57a0-abcf-11df-9d53-000ae43ae219}\ not found.
File E:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: jana
->Temp folder emptied: 364756474 bytes
->Temporary Internet Files folder emptied: 48562246 bytes
->Java cache emptied: 59309323 bytes
->FireFox cache emptied: 54323789 bytes
->Flash cache emptied: 41226 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 365447 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19129622 bytes
RecycleBin emptied: 1314557291 bytes
 
Total Files Cleaned = 1.775,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03222011_232730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 23.03.2011 10:32
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Gargamel456 24.03.2011 19:17
Also CCleander habe ich abgearbeitet und es hat einwandfrei funktioniert. Combofix leider nicht. Ich habe Combofix installiert und die Wiederherstellungskonsole wurde auch installiert, allerdings kam zu Beginn des Programms die meldung, dass mein Virenprogramm noch aktiviert sei (Avira AntiVir), obwohl ich dieses deaktiviert hatte. Beim starten von combofix hing sich das programm dann auf, nachdem ca. 45 min nichts anderes als die meldung "Suche nach infizierten Dateien laeuft, dauert ca. 10 minuten, bei stark infizierten rechnern auch doppelt so lange". Weiter ging es nicht. Ich habe es dann noch mehrmals versucht, die Meldung von antivir kam am anfang immer, selbst nachdem ich das programm deinstalliert habe. Ich habe combofix auch ueber nacht nochmal probiert durchzufuehren, aber auch das ging nicht, es blieb immer an der stelle haengen.
Woran kann das liegen?

cosinus 24.03.2011 19:28
Hm, starte Windows neu, lade die cofi.exe neu runter und probier es nochmal. CF hat manchmal "Anlaufprobleme" ;)

Gargamel456 25.03.2011 21:05
Es hat leider immer noch nicht funktioniert. Es wurde auch immer noch die Meldung mit dem Virenscanner angezeigt, obwohl ich das definitiv deinstalliert habe. Komischerweise wird auch im Windows Sicherheitscenter der Virenschutz als aktiv angegeben. Firewall habe ich deaktiviert.
Was mache ich nun am besten?

cosinus 26.03.2011 18:13
Probier CF bitte mal im abgesicherten Modus aus.

Gargamel456 28.03.2011 19:36
Auch das hat leider nicht funktioniert :killpc:

cosinus 28.03.2011 19:57
Dann erstmal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Gargamel456 29.03.2011 07:11
Okay hier das TDSS Killer logfile
HTML-Code:
2011/03/28 23:03:57.0664 1596        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/28 23:03:58.0114 1596        ================================================================================
2011/03/28 23:03:58.0114 1596        SystemInfo:
2011/03/28 23:03:58.0114 1596       
2011/03/28 23:03:58.0114 1596        OS Version: 5.1.2600 ServicePack: 2.0
2011/03/28 23:03:58.0114 1596        Product type: Workstation
2011/03/28 23:03:58.0114 1596        ComputerName: URMEL
2011/03/28 23:03:58.0114 1596        UserName: jana
2011/03/28 23:03:58.0114 1596        Windows directory: C:\WINDOWS
2011/03/28 23:03:58.0114 1596        System windows directory: C:\WINDOWS
2011/03/28 23:03:58.0114 1596        Processor architecture: Intel x86
2011/03/28 23:03:58.0114 1596        Number of processors: 1
2011/03/28 23:03:58.0114 1596        Page size: 0x1000
2011/03/28 23:03:58.0114 1596        Boot type: Normal boot
2011/03/28 23:03:58.0114 1596        ================================================================================
2011/03/28 23:03:58.0625 1596        Initialize success
2011/03/28 23:04:10.0993 3760        ================================================================================
2011/03/28 23:04:10.0993 3760        Scan started
2011/03/28 23:04:10.0993 3760        Mode: Manual;
2011/03/28 23:04:10.0993 3760        ================================================================================
2011/03/28 23:04:11.0413 3760        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/03/28 23:04:11.0463 3760        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/03/28 23:04:11.0513 3760        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/28 23:04:11.0594 3760        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/28 23:04:11.0644 3760        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/03/28 23:04:11.0694 3760        aeaudio        (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/03/28 23:04:11.0774 3760        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/28 23:04:11.0814 3760        AegisP          (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/03/28 23:04:11.0884 3760        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/03/28 23:04:11.0924 3760        agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/03/28 23:04:11.0964 3760        agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/03/28 23:04:12.0014 3760        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/03/28 23:04:12.0054 3760        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/03/28 23:04:12.0184 3760        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/03/28 23:04:12.0235 3760        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/03/28 23:04:12.0285 3760        alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/03/28 23:04:12.0345 3760        amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/03/28 23:04:12.0425 3760        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/03/28 23:04:12.0465 3760        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/03/28 23:04:12.0515 3760        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/03/28 23:04:12.0545 3760        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/03/28 23:04:12.0585 3760        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/03/28 23:04:12.0655 3760        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/28 23:04:12.0695 3760        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/28 23:04:12.0775 3760        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/28 23:04:12.0805 3760        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/28 23:04:12.0855 3760        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/28 23:04:13.0276 3760        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/03/28 23:04:13.0306 3760        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/28 23:04:13.0366 3760        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/28 23:04:13.0416 3760        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/03/28 23:04:13.0476 3760        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/28 23:04:13.0506 3760        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/28 23:04:13.0546 3760        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/28 23:04:13.0647 3760        CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/28 23:04:13.0677 3760        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/03/28 23:04:13.0697 3760        Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/28 23:04:13.0777 3760        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/03/28 23:04:13.0837 3760        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/03/28 23:04:13.0877 3760        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/03/28 23:04:13.0937 3760        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/28 23:04:14.0027 3760        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/28 23:04:14.0147 3760        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/28 23:04:14.0187 3760        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/28 23:04:14.0237 3760        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/28 23:04:14.0297 3760        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/03/28 23:04:14.0378 3760        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/28 23:04:14.0418 3760        drvmcdb        (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/28 23:04:14.0478 3760        drvnddm        (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/28 23:04:14.0548 3760        E100B          (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/28 23:04:14.0628 3760        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/28 23:04:14.0688 3760        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/28 23:04:14.0728 3760        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/28 23:04:14.0768 3760        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/28 23:04:14.0818 3760        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/28 23:04:14.0928 3760        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/28 23:04:14.0988 3760        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/28 23:04:15.0049 3760        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/28 23:04:15.0149 3760        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/28 23:04:15.0229 3760        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/03/28 23:04:15.0299 3760        HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/28 23:04:15.0369 3760        HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/28 23:04:15.0439 3760        HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/28 23:04:15.0519 3760        HSFHWICH        (62003dbef083dc07e5399f44fb4e22bc) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/03/28 23:04:15.0609 3760        HSF_DP          (f41cd40b94d91edf9443a527053ec549) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/28 23:04:15.0760 3760        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/28 23:04:15.0900 3760        i2omgmt        (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/28 23:04:15.0950 3760        i2omp          (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/03/28 23:04:15.0980 3760        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/28 23:04:16.0100 3760        ialm            (45a59e73868cc93fd74b5be4d6707762) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/28 23:04:16.0160 3760        ibmfilter      (4dc41ab5aa3f96fa7f01587dd9ccf467) C:\WINDOWS\system32\drivers\ibmfilter.sys
2011/03/28 23:04:16.0210 3760        IBMPMDRV        (b9ad9ebe354af205277fdbfce5c5daec) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/03/28 23:04:16.0250 3760        IBMTPCHK        (73893e9a62d869a0409df9c12a0ebefe) C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2011/03/28 23:04:16.0421 3760        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/28 23:04:16.0461 3760        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/03/28 23:04:16.0511 3760        IntelIde        (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/03/28 23:04:16.0561 3760        intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/28 23:04:16.0631 3760        ip6fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/28 23:04:16.0661 3760        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/28 23:04:16.0711 3760        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/28 23:04:16.0781 3760        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/28 23:04:16.0821 3760        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/28 23:04:16.0861 3760        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/28 23:04:16.0901 3760        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/28 23:04:16.0981 3760        k750bus        (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
2011/03/28 23:04:17.0021 3760        k750mdfl        (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
2011/03/28 23:04:17.0061 3760        k750mdm        (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
2011/03/28 23:04:17.0132 3760        k750mgmt        (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
2011/03/28 23:04:17.0222 3760        k750obex        (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
2011/03/28 23:04:17.0282 3760        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/28 23:04:17.0352 3760        kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/28 23:04:17.0452 3760        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/28 23:04:17.0522 3760        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/28 23:04:17.0652 3760        ltmodem5        (0fc7679b0c1f62c7a1798afe23917f6c) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/03/28 23:04:17.0732 3760        mdmxsdk        (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/28 23:04:17.0783 3760        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/28 23:04:17.0833 3760        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/28 23:04:17.0923 3760        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/28 23:04:17.0993 3760        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/28 23:04:18.0033 3760        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/28 23:04:18.0103 3760        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/03/28 23:04:18.0163 3760        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/28 23:04:18.0233 3760        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/28 23:04:18.0293 3760        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/28 23:04:18.0433 3760        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/28 23:04:18.0504 3760        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/28 23:04:18.0544 3760        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/28 23:04:18.0594 3760        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/28 23:04:18.0714 3760        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/28 23:04:18.0744 3760        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/28 23:04:18.0824 3760        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/28 23:04:18.0874 3760        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/28 23:04:18.0914 3760        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/28 23:04:18.0954 3760        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/28 23:04:18.0994 3760        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/28 23:04:19.0034 3760        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/28 23:04:19.0074 3760        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/28 23:04:19.0124 3760        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/28 23:04:19.0175 3760        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/28 23:04:19.0275 3760        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/28 23:04:19.0385 3760        NSCIRDA        (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/03/28 23:04:19.0535 3760        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/28 23:04:19.0685 3760        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/28 23:04:19.0725 3760        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/28 23:04:19.0755 3760        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/28 23:04:19.0815 3760        P3              (118c1004e38fddb5f832a182e6ef6f40) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/03/28 23:04:19.0845 3760        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/28 23:04:19.0896 3760        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/28 23:04:19.0946 3760        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/28 23:04:20.0006 3760        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/28 23:04:20.0136 3760        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/28 23:04:20.0176 3760        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/28 23:04:20.0396 3760        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/03/28 23:04:20.0426 3760        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/03/28 23:04:20.0546 3760        phaudlwr        (427e58b9357fba0fdcec08f3930a7325) C:\WINDOWS\system32\DRIVERS\phaudlwr.sys
2011/03/28 23:04:20.0627 3760        PMEM            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
2011/03/28 23:04:20.0677 3760        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/28 23:04:20.0707 3760        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/28 23:04:20.0757 3760        psadd          (dc23b0d9a0282cb0d8281dbda431ac14) C:\WINDOWS\system32\Drivers\psadd.sys
2011/03/28 23:04:20.0797 3760        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/28 23:04:20.0837 3760        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/28 23:04:20.0867 3760        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/28 23:04:20.0907 3760        QCNDISIF        (8127cd3d08a48793d2c155fb4d9af8ef) C:\WINDOWS\system32\drivers\qcndisif.SYS
2011/03/28 23:04:20.0947 3760        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/03/28 23:04:20.0987 3760        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/03/28 23:04:21.0027 3760        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/03/28 23:04:21.0077 3760        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/03/28 23:04:21.0107 3760        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/03/28 23:04:21.0157 3760        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/28 23:04:21.0227 3760        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/03/28 23:04:21.0308 3760        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/28 23:04:21.0418 3760        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/28 23:04:21.0448 3760        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/28 23:04:21.0528 3760        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/28 23:04:21.0618 3760        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/28 23:04:21.0708 3760        rdpdr          (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/28 23:04:21.0788 3760        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/28 23:04:21.0838 3760        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/28 23:04:21.0959 3760        s0017bus        (594ff5620661d1386475406e78cb6f2f) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
2011/03/28 23:04:22.0019 3760        s0017mdfl      (7258f550419d543bc5c8e80c578a5d54) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
2011/03/28 23:04:22.0079 3760        s0017mdm        (1de4f6607feb17a15dbd4f1b139e6d2f) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
2011/03/28 23:04:22.0139 3760        s0017mgmt      (9814e6bacc06d2526cd52981c7eeedf0) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
2011/03/28 23:04:22.0219 3760        s0017nd5        (2c62cd58225973f26682cd4f783ddede) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
2011/03/28 23:04:22.0259 3760        s0017obex      (f87c3422e84b2fb1b43e0a26247ad5a5) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
2011/03/28 23:04:22.0349 3760        s0017unic      (df5e7360a0afa5956bf75da683d0679f) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
2011/03/28 23:04:22.0419 3760        s24trans        (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/03/28 23:04:22.0459 3760        S3SSavage      (a94aa8161dd4711bc6f732f21d6407d6) C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
2011/03/28 23:04:22.0569 3760        sdcplh          (dac1594437cd44ff57fafc71256fe7f3) C:\WINDOWS\system32\drivers\sdcplh.sys
2011/03/28 23:04:22.0639 3760        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/28 23:04:22.0700 3760        serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/28 23:04:22.0750 3760        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/28 23:04:22.0820 3760        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/28 23:04:22.0940 3760        sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/03/28 23:04:23.0010 3760        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/28 23:04:23.0130 3760        smwdm          (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/28 23:04:23.0250 3760        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/03/28 23:04:23.0280 3760        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/03/28 23:04:23.0521 3760        SPC1330        (5394c248e55aa8ade12f0424ef6f4981) C:\WINDOWS\system32\DRIVERS\spc1330.sys
2011/03/28 23:04:23.0691 3760        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/28 23:04:23.0781 3760        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/28 23:04:23.0871 3760        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/28 23:04:23.0951 3760        sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/03/28 23:04:24.0031 3760        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/28 23:04:24.0102 3760        ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/03/28 23:04:24.0182 3760        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/28 23:04:24.0222 3760        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/28 23:04:24.0282 3760        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/28 23:04:24.0402 3760        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/03/28 23:04:24.0442 3760        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/03/28 23:04:24.0532 3760        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/03/28 23:04:24.0612 3760        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/03/28 23:04:24.0682 3760        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/28 23:04:24.0783 3760        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/28 23:04:24.0843 3760        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/28 23:04:24.0883 3760        TDSMAPI        (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/03/28 23:04:24.0923 3760        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/28 23:04:24.0963 3760        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/28 23:04:25.0063 3760        tfsnboio        (1797f3375b4bf20e81d69ac8b11445b5) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/03/28 23:04:25.0133 3760        tfsncofs        (019ba601cb71a71143aed94f2db26250) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/03/28 23:04:25.0163 3760        tfsndrct        (87269d7fa6df7ef84b83bf5b0d2e031c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/03/28 23:04:25.0193 3760        tfsndres        (b4fb34f46971e56ccd8b8ac6936add58) C:\WINDOWS\system32\dla\tfsndres.sys
2011/03/28 23:04:25.0283 3760        tfsnifs        (2a144ec7557efb9758d1c121688ebaf5) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/03/28 23:04:25.0333 3760        tfsnopio        (1aa2c61a846efbc200703e8dc250297f) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/03/28 23:04:25.0373 3760        tfsnpool        (b3b0b6616cae23ab1a4a5898ca6d5552) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/03/28 23:04:25.0413 3760        tfsnudf        (1614a1e396f296138d3fb1728f385e0b) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/03/28 23:04:25.0464 3760        tfsnudfa        (e5d5b8dde8c221fedc88680631294155) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/03/28 23:04:25.0534 3760        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/03/28 23:04:25.0604 3760        Tp4Track        (eef2d6e4ec9f24be67572c60f3778f8d) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2011/03/28 23:04:25.0634 3760        TPHKDRV        (63421f480e7cd375329ace8588fed1ac) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2011/03/28 23:04:25.0684 3760        TPPWR          (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
2011/03/28 23:04:25.0734 3760        TSMAPIP        (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/03/28 23:04:25.0774 3760        TwoTrack        (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2011/03/28 23:04:25.0814 3760        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/28 23:04:25.0864 3760        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/03/28 23:04:25.0964 3760        Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/28 23:04:26.0125 3760        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/28 23:04:26.0195 3760        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/28 23:04:26.0235 3760        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/28 23:04:26.0275 3760        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/28 23:04:26.0355 3760        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/28 23:04:26.0425 3760        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/28 23:04:26.0455 3760        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/28 23:04:26.0525 3760        usbuhci        (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/28 23:04:26.0555 3760        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/28 23:04:26.0605 3760        viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/03/28 23:04:26.0645 3760        ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/03/28 23:04:26.0685 3760        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/28 23:04:26.0936 3760        w29n51          (39ac581f5b57e3074e3e5cdab9e7dff1) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/03/28 23:04:27.0206 3760        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/28 23:04:27.0306 3760        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/28 23:04:27.0456 3760        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/28 23:04:27.0577 3760        winachsf        (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/28 23:04:27.0827 3760        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/28 23:04:27.0917 3760        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/28 23:04:27.0997 3760        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/28 23:04:28.0037 3760        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/28 23:04:28.0318 3760        ================================================================================
2011/03/28 23:04:28.0318 3760        Scan finished
2011/03/28 23:04:28.0318 3760        ================================================================================

cosinus 29.03.2011 13:28
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Gargamel456 01.04.2011 07:27
Okay, vielen Dank fuer die anleitung:

GMER:

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-31 23:05:10
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541040G9AT00 rev.MB2IA60A
Running: ytonl2di.exe; Driver: C:\DOKUME~1\jana\LOKALE~1\Temp\pgtdapow.sys


---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!DefWindowProcA + 11A    7E36D608 7 Bytes  JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!SetWindowRgn + 2BB      7E37026D 7 Bytes  JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!SetClipboardData + 19D  7E3810FB 7 Bytes  JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!MessageBoxA + 49        7E3A05D3 7 Bytes  JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!MessageBoxExW + 1F      7E3A05F7 7 Bytes  JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2416] USER32.dll!MessageBoxTimeoutA + CA  7E3B62A6 7 Bytes  JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                    ibmfilter.sys (IBM FFE and RRU filter driver/IBM)

Device          \FileSystem\Fastfat \Fat                                                                                  EE434C8A
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                        tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                        tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                            tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                          tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                        tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                        15
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                          10000
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                        yes
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                       
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                        90
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                          10000

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:22:57 on 31.03.2011

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"BMMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE  (File found, but it contains no detailed information)
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"IBMJavaPlugin141.cpl" - "IBM" - C:\WINDOWS\system32\IBMJavaPlugin141.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhAudioFilter.cpl" - "Philips Applied Technologies" - C:\WINDOWS\system32\PhAudioFilter.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "IBM Corp." - C:\WINDOWS\system32\TP98.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"11c534c4-6686-4829-9181-0c7138c232c4" (11c534c4-6686-4829-9181-0c7138c232c4) - ? - D:\Player\cds300.dll  (File not found)
"5461eb35-d328-447b-9da1-7063764bec28" (5461eb35-d328-447b-9da1-7063764bec28) - ? - D:\Player\cds300.dll  (File not found)
"AEGIS Protocol (IEEE 802.1x) v3.1.6.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (btkrnl) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"btwhid" (btwhid) - ? - C:\WINDOWS\System32\DRIVERS\btwhid.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\jana\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys
"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"IBM PSA Access Driver" (psadd) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\Drivers\psadd.sys
"ibmfilter" (ibmfilter) - "IBM" - C:\WINDOWS\system32\drivers\ibmfilter.sys
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\System32\drivers\IBMBLDID.SYS  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PMEM" (PMEM) - "Microsoft Corporation" - C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QCNDISIF" (QCNDISIF) - "IBM Corporation." - C:\WINDOWS\System32\drivers\qcndisif.SYS
"sdcplh" (sdcplh) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\drivers\sdcplh.sys
"Smapint" (Smapint) - ? - C:\WINDOWS\System32\drivers\Smapint.sys  (File not found)
"sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS  (File found, but it contains no detailed information)
"tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys
"tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys
"tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys
"tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys
"tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys
"tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys
"tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys
"tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys
"tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys
"TPHKDRV" (TPHKDRV) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPHKDRV.sys
"TPPWR" (TPPWR) - "IBM Corp." - C:\WINDOWS\System32\drivers\Tppwr.sys
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys  (File not found)
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\IBM RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.4.1" - "IBM." - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll / hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0} "{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0}" - ? - C:\WINDOWS\system32\hnetcfgd.dll  (File not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - ? - C:\WINDOWS\system32\pwdmon.dll  (File found, but it contains no detailed information)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Digital Line Detect.lnk" - "BVRP Software" - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"HP Image Zone Schnellstart.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\jana\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\ibmmessages.exe
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"BMMGAG" - "IBM Corp." - RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
"BMMLREF" - ? - C:\Programme\ThinkPad\Utilities\BMMLREF.EXE  (File found, but it contains no detailed information)
"BMMMONWND" - "IBM Corp." - rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
"dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe
"EZEJMNAP" - "IBM Corp." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"HP Software Update" - "Hewlett-Packard Company" - "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC" - "IBM Corp." - C:\IBMTOOLS\UTILS\ibmprc.exe
"QCWLICON" - "IBM Corp." - C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TP4EX" - "IBM Corporation" - tp4ex.exe
"TPHOTKEY" - ? - C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe  (File found, but it contains no detailed information)
"TPKMAPHELPER" - "IBM Corp." - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"UC_Start" - ? - C:\Programme\IBM\Updater\\ucstartup.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)
"IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\System32\ibmpmsvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)
"IBM PSA Access Driver Control" (PsaSrv) - ? - C:\WINDOWS\system32\PsaSrv.exe  (File not found)
"IBM Rapid Restore Ultra Service" (IBM Rapid Restore Ultra Service) - ? - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe  (File found, but it contains no detailed information)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"QCONSVC" (QCONSVC) - "IBM Corp." - C:\WINDOWS\System32\QCONSVC.EXE
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"QConGina" - "IBM Corp." - C:\WINDOWS\system32\QConGina.dll
"tphotkey" - ? - C:\WINDOWS\system32\tphklock.dll  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/HTML]

MBR-Check:

HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 2 (build 2600)
Logical Drives Mask:                0x00000004

Kernel Drivers (total 138):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806ED000 \WINDOWS\system32\hal.dll
  0xF8A43000 \WINDOWS\system32\KDCOM.DLL
  0xF8953000 \WINDOWS\system32\BOOTVID.dll
  0xF84F3000 ACPI.sys
  0xF8A45000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF84E2000 pci.sys
  0xF8543000 isapnp.sys
  0xF8957000 compbatt.sys
  0xF895B000 \WINDOWS\System32\DRIVERS\BATTC.SYS
  0xF8B0B000 pciide.sys
  0xF87C3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF84C4000 pcmcia.sys
  0xF8553000 MountMgr.sys
  0xF84A5000 ftdisk.sys
  0xF895F000 ACPIEC.sys
  0xF8B0C000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
  0xF87CB000 PartMgr.sys
  0xF8563000 VolSnap.sys
  0xF848D000 atapi.sys
  0xF8573000 disk.sys
  0xF8583000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF846D000 fltmgr.sys
  0xF845B000 sr.sys
  0xF8593000 PxHelp20.sys
  0xF8446000 drvmcdb.sys
  0xF842F000 KSecDD.sys
  0xF841C000 WudfPf.sys
  0xF838F000 Ntfs.sys
  0xF8362000 NDIS.sys
  0xF8347000 Mup.sys
  0xF8603000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF823D000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
  0xF8229000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
  0xF8873000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF8206000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF887B000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF81E2000 \SystemRoot\System32\DRIVERS\e100b325.sys
  0xF8613000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF8883000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF8A1B000 \SystemRoot\System32\DRIVERS\tp4track.sys
  0xF888B000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF81CE000 \SystemRoot\System32\DRIVERS\parport.sys
  0xF8A1F000 \SystemRoot\System32\DRIVERS\CmBatt.sys
  0xF8893000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
  0xF8A73000 \SystemRoot\system32\drivers\sscdbhk5.sys
  0xF81AB000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF8169000 \SystemRoot\system32\drivers\smwdm.sys
  0xF8145000 \SystemRoot\system32\drivers\portcls.sys
  0xF8653000 \SystemRoot\system32\drivers\drmk.sys
  0xF8129000 \SystemRoot\system32\drivers\aeaudio.sys
  0xF80F8000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
  0xF7FF9000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xF7F53000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF889B000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF8C3C000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF8663000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF8A23000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF7F3C000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF8673000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF8683000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF88A3000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF7F2B000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF8693000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF88AB000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF88B3000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF86A3000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF8A75000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF7ED2000 \SystemRoot\System32\DRIVERS\update.sys
  0xF8A33000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF86E3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF85C3000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF8A85000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF8AAD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF8AAF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8B7A000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8AB1000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF88EB000 \SystemRoot\system32\drivers\ssrtln.sys
  0xF88F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF88FB000 \SystemRoot\System32\drivers\vga.sys
  0xF8AB3000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8AB5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF8903000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF8913000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7E88000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xEFB89000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xEFB31000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xEFB09000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xEFAE7000 \SystemRoot\System32\drivers\afd.sys
  0xEFC3C000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xF8923000 \SystemRoot\System32\drivers\TSMAPIP.SYS
  0xF892B000 \SystemRoot\System32\drivers\Tppwr.sys
  0xF7E84000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
  0xF8933000 \SystemRoot\System32\drivers\TDSMAPI.SYS
  0xF8943000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xEFC0C000 \SystemRoot\System32\drivers\sdcplh.sys
  0xEFA9C000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xEFA2D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF8BCD000 \SystemRoot\System32\drivers\IBMBLDID.SYS
  0xEFBEC000 \SystemRoot\System32\Drivers\Fips.SYS
  0xEFA0C000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xEFBDC000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xF82F2000 \SystemRoot\System32\drivers\ANC.SYS
  0xEF9CC000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8ABB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF8A3F000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF8803000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8C37000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF020000 \SystemRoot\System32\ialmdnt5.dll
  0xBF012000 \SystemRoot\System32\ialmrnt5.dll
  0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
  0xBF063000 \SystemRoot\System32\ialmdd5.DLL
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xF8643000 \SystemRoot\system32\drivers\drvnddm.sys
  0xF8C53000 \SystemRoot\system32\dla\tfsndres.sys
  0xEF93E000 \SystemRoot\system32\dla\tfsnifs.sys
  0xEF9A4000 \SystemRoot\system32\dla\tfsnopio.sys
  0xF8AF5000 \SystemRoot\system32\dla\tfsnpool.sys
  0xF8843000 \SystemRoot\system32\dla\tfsnboio.sys
  0xF8713000 \SystemRoot\system32\dla\tfsncofs.sys
  0xF8B85000 \SystemRoot\system32\dla\tfsndrct.sys
  0xEF8FD000 \SystemRoot\system32\dla\tfsnudf.sys
  0xEF8E4000 \SystemRoot\system32\dla\tfsnudfa.sys
  0xEF8C4000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xEF818000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xEF7DC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xEF570000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xF85B3000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
  0xEF68C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xEF429000 \SystemRoot\System32\DRIVERS\srv.sys
  0xEF414000 \SystemRoot\system32\drivers\wdmaud.sys
  0xEF78C000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF8A9B000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
  0xEEDB5000 \SystemRoot\System32\Drivers\HTTP.sys
  0xEE5EA000 \SystemRoot\system32\DRIVERS\w29n51.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
      0 System Idle Process
      4 System
    588 C:\WINDOWS\system32\smss.exe
    652 csrss.exe
    676 C:\WINDOWS\system32\winlogon.exe
    720 C:\WINDOWS\system32\services.exe
    732 C:\WINDOWS\system32\lsass.exe
    884 C:\WINDOWS\system32\ibmpmsvc.exe
    936 C:\WINDOWS\system32\svchost.exe
    1020 svchost.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1148 C:\WINDOWS\system32\svchost.exe
    1264 C:\WINDOWS\explorer.exe
    1312 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1348 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1468 svchost.exe
    1504 svchost.exe
    1616 C:\WINDOWS\system32\spoolsv.exe
    1700 svchost.exe
    1780 C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    1804 C:\Programme\Java\jre6\bin\jqs.exe
    1844 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    1976 C:\WINDOWS\system32\QCONSVC.EXE
    2024 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    204 C:\WINDOWS\system32\svchost.exe
    224 C:\WINDOWS\system32\TpKmpSvc.exe
    1464 alg.exe
    1580 C:\WINDOWS\system32\tp4serv.exe
    840 C:\WINDOWS\system32\igfxtray.exe
    1668 C:\WINDOWS\system32\hkcmd.exe
    1748 C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    1876 C:\Programme\ThinkPad\Utilities\EzEjMnAp.Exe
    1940 C:\WINDOWS\system32\dla\tfswctrl.exe
    2064 C:\Programme\IBM\Messages By IBM\ibmmessages.exe
    2072 C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    2080 C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    2100 C:\IBMTOOLS\utils\ibmprc.exe
    2108 C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
    2120 C:\WINDOWS\system32\rundll32.exe
    2140 C:\WINDOWS\system32\rundll32.exe
    2160 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2172 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
    2200 C:\WINDOWS\PLF1330.exe
    2216 C:\WINDOWS\vspc1330.exe
    2224 C:\WINDOWS\system32\ctfmon.exe
    2264 C:\Programme\Messenger\msmsgs.exe
    2276 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    2300 C:\Program Files\Digital Line Detect\DLG.exe
    2308 C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
    2360 C:\Programme\OpenOffice.org 3\program\soffice.exe
    2384 C:\Programme\OpenOffice.org 3\program\soffice.bin
    2468 C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
    2956 C:\WINDOWS\system32\svchost.exe
    3340 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    3892 C:\WINDOWS\system32\wuauclt.exe
    4036 C:\Programme\Mozilla Firefox\firefox.exe
    2968 C:\Programme\Mozilla Firefox\plugin-container.exe
    956 C:\Dokumente und Einstellungen\jana\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: HTS541040G9AT00, Rev: MB2IA60A

      Size  Device Name          MBR Status
  --------------------------------------------
    37 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 4CB77BF3DF157474F23ACD82E8A7F18962B35CA1


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:25 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28