Suche Hilfe um Trojaner zu finden

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:13, on 09.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Juniper Networks\Common Files\dsNcService.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programme\StickyPad\StickyPad.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\PPStream\ppsap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christiantoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl-start.computerbild.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.gmx.net/suchbox/gmxsuche?su=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/de/de
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe silent
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe -osboot
O4 - HKCU\..\Run: [Sticky Pad] C:\Programme\StickyPad\StickyPad.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [PPS Accelerator] C:\Programme\PPStream\ppsap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra->Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/de/de
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218029111640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programme\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14321 bytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5488

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.01.2011 17:36:14
mbam-log-2011-01-09 (17-36-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Durchsuchte Objekte: 236157
Laufzeit: 1 Stunde(n), 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} (Adware.Alexa) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} (Adware.Alexa) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} (Adware.Alexa) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} (Adware.Alexa) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} (Adware.Alexa) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{017226fb-c5fe-4999-80eb-e41b3bda380b}\RP615\A0082412.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:28, on 10.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programme\StickyPad\StickyPad.exe
C:\Programme\PPStream\ppsap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HiJackThis.exe
C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christiantoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl-start.computerbild.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.gmx.net/suchbox/gmxsuche?su=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/de/de
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe silent
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe -osboot
O4 - HKCU\..\Run: [Sticky Pad] C:\Programme\StickyPad\StickyPad.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [PPS Accelerator] C:\Programme\PPStream\ppsap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra->Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/de/de
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218029111640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programme\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14903 bytes

495b26d8.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\495b26d8.qua;Adware.Howbao.25;;
495b26d8.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4b899741.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b899741.qua;Trojan.Siggen.50210;;
4b899741.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bb17bf1.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bb17bf1.qua;Trojan.Siggen.50210;;
4bb17bf1.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bbb9746.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bbb9746.qua;Trojan.Packed.19647;;
4bbb9746.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bbd9741.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bbd9741.qua;Trojan.AuxSpy.144;;
4bbd9741.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bc4977f.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bc4977f.qua;Trojan.Packed.19647;;
4bc4977f.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bc89780.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bc89780.qua;Trojan.Packed.19647;;
4bc89780.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bcb9778.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bcb9778.qua;Trojan.Packed.19647;;
4bcb9778.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bcb9779.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bcb9779.qua;Trojan.Packed.19647;;
4bcb9779.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bcb977b.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bcb977b.qua;Trojan.Packed.19647;;
4bcb977b.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4bce097c.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bce097c.qua;Trojan.Siggen1.51156;;
4bce097c.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4f10e97a.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f10e97a.qua;Trojan.Siggen.50210;;
4f10e97a.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4f46b862.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f46b862.qua;Trojan.Siggen.50210;;
4f46b862.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4f48a8d2.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f48a8d2.qua;Trojan.Siggen.50210;;
4f48a8d2.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
4f49b0aa.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f49b0aa.qua;Trojan.Siggen.50210;;
4f49b0aa.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.;
Firefox 3.0 WEB.DE-Edition.msi/stream001\data009;C:\Downloads\Firefox 3.0 WEB.DE-Edition.msi/stream001;Tool.Prockill;;
stream001;C:\Downloads;Container enthält infizierte Objekte;;
Firefox 3.0 WEB.DE-Edition.msi;C:\Downloads;Container enthält infizierte Objekte;Verschoben.;
Process.exe;C:\SDFix\SDFix\apps;Tool.Killproc.3;;
A0082616.msi/stream001\data009;C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP620\A0082616.msi/stream001;Tool.Prockill;;
stream001;C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP620;Container enthält infizierte Objekte;;
A0082616.msi;C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP620;Container enthält infizierte Objekte;Verschoben.;

OTL Extras logfile created on: 11.01.2011 19:45:46 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\Andrea\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,15 Gb Total Space | 15,11 Gb Free Space | 29,55% Space Free | Partition Type: NTFS
Drive H: | 598,81 Mb Total Space | 282,74 Mb Free Space | 47,22% Space Free | Partition Type: FAT32

Computer Name: LENOVO-99D19D6A | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
exefile [open] -- %1 %*
htmlfile [edit] -- C:\Programme\Microsoft Office\Office\msohtmed.exe %1 (Microsoft Corporation)
htmlfile [print] -- C:\Programme\Microsoft Office\Office\msohtmed.exe /p %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1
AntiVirusDisableNotify = 0
UpdatesDisableNotify = 0
AntiVirusOverride = 0
FirewallOverride = 0
FirewallDisableNotify = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
DisableMonitoring = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
DisableSR = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
Start = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
Start = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
1900:UDP = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
2869:TCP = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
10243:TCP = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10280:UDP = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10281:UDP = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10282:UDP = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10283:UDP = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10284:UDP = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
1900:UDP = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
2869:TCP = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
10243:TCP = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10280:UDP = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10281:UDP = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10282:UDP = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10283:UDP = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
10284:UDP = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe = C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Programme\IM\IM.exe = C:\Programme\IM\IM.exe:*:Enabled:SoapBox -- ()
C:\Programme\PPStream\PPStream.exe = C:\Programme\PPStream\PPStream.exe:*:EnabledPSÍøÂçµçÊÓ -- (PPStream Inc.)
C:\Programme\PPStream\PPSAP.exe = C:\Programme\PPStream\PPSAP.exe:*:EnabledPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
C:\Programme\iTunes\iTunes.exe = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
C:\Programme\Olivet University\Olivet24\Olivet24.exe = C:\Programme\Olivet University\Olivet24\Olivet24.exe:*:Enabled:Olivet. -- File not found
C:\Programme\Mozilla Firefox\firefox.exe = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
C:\Program Files\Real\RealPlayer\realplay.exe = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\ThunderService.exe = C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\ThunderService.exe:*:Enabled:ThunderService.exe -- (深圳市迅雷网络技术有限公司)
C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\ThunderLiveUD.exe = C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD.exe -- (Thunder Networking Technologies,LTD)
C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\XLBugReport.exe = C:\Programme\Gemeinsame Dateien\Thunder Network\DS\Ver1\1.0.2.21\XLBugReport.exe:*:Enabled:XLBugReport.exe -- ()
C:\Programme\Thunder Network\Xmp\xmp.exe = C:\Programme\Thunder Network\Xmp\xmp.exe:*:Enabled:??????? -- (Thunder Networking Technologies,LTD)
C:\Programme\Thunder Network\Xmp\ThunderLiveUD.exe = C:\Programme\Thunder Network\Xmp\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD -- (Thunder Networking Technologies,LTD)
C:\WINDOWS\explorer.exe = C:\WINDOWS\explorer.exe:*isabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{00000407-78E1-11D2-B60F-006097C998E7} = Microsoft Office 2000 Premium
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{055EE59D-217B-43A7-ABFF-507B966405D8} = ATI Catalyst Control Center
{062831CB-A028-FA27-482B-35B935569892} = CCC Help Spanish
{075473F5-846A-448B-BCB3-104AA1760205} = RecordNow Data
{0940BBAB-2C46-E877-69CE-1A1B8100C6F3} = Catalyst Control Center Localization Japanese
{09672BC4-148F-3FCC-E1A9-A019453D9A4A} = CCC Help Chinese Standard
{0F03AD68-3716-DC9C-45E3-72B519D0B64E} = CCC Help Dutch
{1007F41F-7D69-468E-8017-3849A5A973C2} = ThinkVantage Technologies Welcome Message
{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series = Canon MP540 series MP Drivers
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} = Sonic DLA
{1297C681-92D7-40EF-93BF-03F66EC5105C} = ThinkPad-Dienstprogramm->EasyEject'
{1ED554BA-058A-9664-2BA8-F6F2A68DE15E} = Catalyst Control Center Localization Swedish
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{2111B23F-7FDA-4A41-8309-E5A1663CA296} = Dienstprogramm->ThinkPad-Tastaturanpassung'
{2180B16E-47BC-456F-9BE5-1C13B7A01232} = HotSpot Manager
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = Google Toolbar for Internet Explorer
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} = mProSafe
{26A24AE4-039D-4CA4-87B4-2F83216011FF} = Java(TM) 6 Update 23
{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} = RealUpgrade 1.1
{2E64DF28-426C-9E02-8295-485AB959225C} = Catalyst Control Center Localization Spanish
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} = Sonic Update Manager
{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} = WebFldrs XP
{35431808-8D7E-345D-127B-BFC92CAA2352} = CCC Help English
{372853A4-796F-7042-4B26-AB2F8D780136} = CCC Help Japanese
{3AEF318B-5987-09AF-949A-3D42837684D8} = Catalyst Control Center Localization Italian
{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66} = ATI HYDRAVISION
{45A66726-69BC-466B-A7A4-12FCBA4883D7} = HiJackThis
{46CD7295-6B85-E6D1-9774-0C584F6497CB} = Catalyst Control Center Graphics Full Existing
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{4AC3BEAD-0906-4676-BF85-12306330A66C} = StickyPad
{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA} = Nero StartSmart OEM
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} = neroxml
{5f263610-b7b5-4740-a397-5cd380c05e4a} = Nero 9 Essentials
{66463B76-A188-C603-BF2F-AF6088F18012} = CCC Help Italian
{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} = Sonic Express Labeler
{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A} = Catalyst Control Center Localization Korean
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} = Apple Software Update
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{72806716-7088-41B2-8FA6-717A2A164DAB} = ThinkVantage System für aktiven Festplattenschutz
{7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
{7596AEAB-2884-E87D-FD0B-BB02763998FB} = ccc-utility
{770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7748ac8c-18e3-43bb-959b-088faea16fb2} = Nero StartSmart
{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} = RealNetworks - Microsoft Visual C++ 2008 Runtime
{795B7252-3FA5-20CA-D039-8E62DC590A10} = Catalyst Control Center Graphics Light
{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16} = ccc-core-preinstall
{7EB114D8-207F-45AE-BABD-1669715F2630} = ThinkVantage Access Connections
{82512BC9-BD5D-4C50-BE4D-B98E7DF78687} = ThinkPad-UltraNav-Assistent
{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7} = CCC Help Korean
{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8} = Catalyst Control Center Localization French
{8675339C-128C-44DD-83BF-0A5D6ABD8297} = System Update
{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} = Bonjour
{8A59CF7D-58AB-A28D-F02D-8473A4431A28} = Skins
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} = mPfMgr
{8DC42D05-680B-41B0-8878-6C14D24602DB} = QuickTime
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} = InterVideo WinDVD
{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} = Apple Mobile Device Support
{981029E0-7FC9-4CF3-AB39-6F133621921A} = Skype Toolbars
{986F64DC-FF15-449D-998F-EE3BCEC6666A} = Help Center
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9CC89556-3578-48DD-8408-04E66EBEF401} = mXML
{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C} = Catalyst Control Center - Branding
{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016} = ThinkPad Energie-Manager
{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} = mDriver
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} = Microsoft .NET Framework 3.0 Service Pack 2
{A398B998-D540-A3D0-A35B-84A5549E1C5B} = CCC Help Swedish
{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28} = CCC Help German
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} = RecordNow Audio
{ABAD4282-5D79-93D6-5687-5657BC74DC51} = Catalyst Control Center Localization German
{AC76BA86-7AD7-1031-7B44-A71000000002} = Adobe Reader 7.1.0 - Deutsch
{ADB68E57-C344-3C48-10B1-51B5959F4EA3} = Catalyst Control Center Core Implementation
{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79} = Catalyst Control Center Localization Dutch
{AEA7DB99-E310-741E-D005-02BDF09E5AB3} = CCC Help Portuguese
{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925} = CCC Help French
{B12665F4-4E93-4AB4-B7FC-37053B524629} = RecordNow Copy
{b2ec4a38-b545-4a00-8214-13fe0e915e6d} = Advertising Center
{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a} = Nero ControlCenter
{BF90215F-2D7B-4C84-8A24-A03BC41B95DD} = Rescue and Recovery - Client Security Solution
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} = Microsoft .NET Framework 2.0 Service Pack 2
{C5243A59-B2DD-EC07-23D2-D9CD9689B193} = Catalyst Control Center Graphics Full New
{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4} = XP Themes
{C6FA39A7-26B1-480A-BC74-6D17531AC222} = Access Help
{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C} = ccc-core-static
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} = Microsoft .NET Framework 1.1
{CDBFC424-DD00-497F-9BDC-4E4178332336} = ThinkVantage Fingerprint Software 5.4
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{CF5737AF-8550-4546-A69B-0EA9EF5A9B55} = ThinkVantage Productivity Center
{D103C4BA-F905-437A-8049-DB24763BBE36} = Skype™ 4.2
{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1} = Catalyst Control Center Localization Chinese Standard
{D728E945-256D-4477-B377-6BBA693714AC} = Ergänzung zu Productivity Center für ThinkPad
{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88} = Catalyst Control Center Localization Chinese Traditional
{dba84796-8503-4ff0-af57-1747dd9a166d} = Nero Online Upgrade
{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} = iTunes
{DDFC5759-D6BC-FE35-D423-EE93B562B2CD} = CCC Help Chinese Traditional
{E5072660-B723-422B-BB74-EAA300BF716B} = System Migration Assistant
{E78BFA60-5393-4C38-82AB-E8019E464EB4} = Microsoft .NET Framework 1.1 German Language Pack
{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4} = Message Center
{E81667C6-2856-46D6-ABEA-6A2F42166779} = mCore
{e8a80433-302b-4ff1-815d-fcc8eac482ff} = Nero Installer
{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} = IBM 32-bit Runtime Environment for Java 2, v1.4.2
{EA664480-3844-11D5-8C25-444553540000} = Funktion TrackPoint-Eingabehilfen
{EFB21DE7-8C19-4A88-BB28-A766E16493BC} = Adobe Photoshop CS
{F0A37341-D692-11D4-A984-009027EC0A9C} = SoundMAX
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} = mMHouse
{F386C340-DF4B-4BBA-9503-420FB7EDB395} = Wallpapers
{F6A04D96-C6D7-498C-9099-BCAD0D99778D} = Diskeeper Lite
{F91040C8-F3F6-BBA5-2762-EB720EA4B556} = Catalyst Control Center Localization Portuguese
{FA80BF85-F02C-4A9D-935B-EF7DC7BAB5C5} = IM2
{FC081D4D-DF1B-4CF1-B530-027E4118D846} = ThinkPad-Konfiguration
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} = mWlsSafe
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
All ATI Software = ATI - Dienstprogramm zur Deinstallation der Software
ATI Display Driver = ATI Display Driver
Avira AntiVir Desktop = Avira AntiVir Personal - Free Antivirus
AwayTask = ThinkVantage Away Manager
Canon iP3300 Benutzerregistrierung = Canon iP3300 Benutzerregistrierung
Canon MP540 series Benutzerregistrierung = Canon MP540 series Benutzerregistrierung
Canon Setup Utility 2.3 = Canon Setup Utility 2.3
CANONIJPLM100 = Inkjet Printer/Scanner Extended Survey Program
CanonMyPrinter = Canon Utilities My Printer
CanonSolutionMenu = Canon Utilities Solution Menu
CCleaner = CCleaner
CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588 = ThinkPad Modem
DtsFilter = DTS+AC3 ÇÊÅÍ
Easy-PhotoPrint = Canon Utilities Easy-PhotoPrint
Easy-PhotoPrint EX = Canon Utilities Easy-PhotoPrint EX
Easy-PrintToolBox = Canon Utilities Easy-PrintToolBox
Easy-WebPrint = Easy-WebPrint
GOM Player = GOM Player
HijackThis = HijackThis 2.0.2
IDNMitigationAPIs = Microsoft Internationalized Domain Names Mitigation APIs
ie7 = Windows Internet Explorer 7
ie8 = Windows Internet Explorer 8
IM_is1 = IM 2.6
InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} = IBM 32-bit Runtime Environment for Java 2, v1.4.2
InterActual Player = InterActual Player
Juniper Network Connect 6.0.0 = Juniper Networks Network Connect 6.0.0
LiveReg = LiveReg (Symantec Corporation)
LiveUpdate = LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) = Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Mobile Partner = Mobile Partner
Mozilla Firefox (3.6.13) = Mozilla Firefox (3.6.13)
MP Navigator EX 2.0 = Canon MP Navigator EX 2.0
MPEG2 Codec(libmpeg2/mad) = MPEG2 Codec(libmpeg2/mad)
MSCompPackV1 = Microsoft Compression Client Pack 1.0 for Windows XP
MSNINST = MSN
MultiRes (remove only) = MultiRes (remove only)
NLSDownlevelMapping = Microsoft National Language Support Downlevel APIs
OnScreenDisplay = Anzeige am Bildschirm
PCFriendly = PCFriendly
PCMCIAPW = ThinkPad PC Card Power Policy
Power Management Driver = ThinkPad Power Management Driver
PPStream = PPStream V2.6.86.8989 Final
Presentation Director = ThinkPad-Präsentationsdirektor
ProInst = Intel(R) PROSet/Wireless Software
PROSet = Intel(R) Network Connections Drivers
Radeon Omega Drivers for Windows XP/2kv4.8.442 = Radeon Omega Drivers v4.8.442 Setup Files and Tools
RealPlayer 12.0 = RealPlayer
Remove Multimedia Center = Remove Multimedia Center
SLD Codec Pack = SLD Codec Pack
SynTPDeinstKey = ThinkPad UltraNav Driver
ThinkPad FullScreen Magnifier = ThinkPad FullScreen Magnifier
ThinkPadSoftwareInstaller = Software Installer
TrueCrypt = TrueCrypt
Windows Media Format Runtime = Windows Media Format 11 runtime
Windows Media Player = Windows Media Player 11
Windows XP Service Pack = Windows XP Service Pack 3
WMFDist11 = Windows Media Format 11 runtime
wmp11 = Windows Media Player 11
Wudf01000 = Microsoft User-Mode Driver Framework Feature Pack 1.0
XiphQT = Xiph QuickTime Components
Yahoo! Companion = Yahoo! Toolbar
迅雷看看播放器 = 迅雷看看播放器

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Adobe Acrobat Connect Add-in = Adobe Acrobat Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.11.2010 08:16:56 | Computer Name = LENOVO-99D19D6A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung im2.exe, Version 1.2.6.0, fehlgeschlagenes
Modul msxml3.dll, Version 8.100.1052.0, Fehleradresse 0x000337c5.

Error - 27.11.2010 04:48:23 | Computer Name = LENOVO-99D19D6A | Source = ESENT | ID = 490
Description = svchost (1456) Versuch, Datei C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 07.12.2010 12:14:17 | Computer Name = LENOVO-99D19D6A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung outlook.exe, Version 9.0.0.2416, fehlgeschlagenes
Modul outllib.dll, Version 9.0.0.2814, Fehleradresse 0x00026b3a.

Error - 13.12.2010 08:03:20 | Computer Name = LENOVO-99D19D6A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.8.218, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x24002bcb.

Error - 18.12.2010 06:57:06 | Computer Name = LENOVO-99D19D6A | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 9.0.0.2416, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.12.2010 07:01:57 | Computer Name = LENOVO-99D19D6A | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3989, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 23.12.2010 04:47:20 | Computer Name = LENOVO-99D19D6A | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 9.0.0.2416, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.12.2010 12:20:04 | Computer Name = LENOVO-99D19D6A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.8.218, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x24002bcb.

Error - 29.12.2010 12:25:34 | Computer Name = LENOVO-99D19D6A | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung realplay.exe, Version 12.0.1.609, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19.

Error - 07.01.2011 04:24:50 | Computer Name = LENOVO-99D19D6A | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

[ System Events ]
Error - 11.01.2011 14:26:14 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\program files\real\realplayer\plugins\rmxrend.dll
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung Microsoft.VC90.DebugCRT konnte nicht gefunden
werden. Last Error: Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung Microsoft.VC90.DebugCRT konnte nicht gefunden
werden. Last Error: Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.DebugCRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.DebugCRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für c:\program files\real\realplayer\plugins\rmxrend.dll
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 11.01.2011 14:26:49 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für c:\program files\real\realplayer\plugins\rmxrend.dll
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 11.01.2011 14:35:52 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung Microsoft.VC90.DebugCRT konnte nicht gefunden
werden. Last Error: Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.

Error - 11.01.2011 14:35:52 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.DebugCRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .

Error - 11.01.2011 14:35:52 | Computer Name = LENOVO-99D19D6A | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für c:\program files\real\realplayer\plugins\rmxrend.dll
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .


< End of report >

OTL logfile created on: 11.01.2011 19:45:46 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\Andrea\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,15 Gb Total Space | 15,11 Gb Free Space | 29,55% Space Free | Partition Type: NTFS
Drive H: | 598,81 Mb Total Space | 282,74 Mb Free Space | 47,22% Space Free | Partition Type: FAT32

Computer Name: LENOVO-99D19D6A | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Andrea\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\PPStream\PPSAP.exe (PPStream Inc)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\StickyPad\StickyPad.exe (Green Eclipse)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
PRC - C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe (Lenovo Group Limited)
PRC - C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
PRC - C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Andrea\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\PROCHLP.DLL (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (TVT Backup Service) -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
SRV - (TSSCoreService) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOKUME~1\Andrea\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (EGATHDRV) -- C:\WINDOWS\system32\EGATHDRV.SYS (IBM Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (smi2) -- C:\Programme\SMI2\smi2.sys (IBM Corp.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\hsxhwazl.sys (Conexant Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Shockprf) -- C:\WINDOWS\System32\drivers\shockprf.sys (Lenovo)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (PrivateDisk) -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ShockMgr) -- C:\WINDOWS\System32\drivers\ShockMgr.sys (Lenovo.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (PCANDIS5) -- C:\Programme\HotSpot Manager\Pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pmem) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dsl-start.computerbild.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.christiantoday.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: GMX Suche
FF - prefs.js..browser.search.order.1: GMX Suche
FF - prefs.js..browser.search.order.2: WEB.DE Suche
FF - prefs.js..browser.search.order.3: 1und1 Suche
FF - prefs.js..browser.search.order.4: amazon.de
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: www.gmx.net
FF - prefs.js..browser.startup.homepage: http://go.web.de/home | http://go.web.de/tab2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.6.4
FF - prefs.js..keyword.URL: http://go.gmx.net/suchbox/gmxsuche?su=


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.07 15:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.14 09:52:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.14 09:52:14 | 000,000,000 | ---D | M]

[2008.08.06 14:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Extensions
[2010.02.17 17:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\extensions
[2009.11.10 16:33:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.12 11:59:54 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2009.11.25 19:46:08 | 000,000,000 | ---D | M] (Alexa Sparky) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\extensions\[email protected]
[2009.02.11 06:21:07 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\extensions\[email protected]
[2011.01.11 19:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\3hjfo65d.Standard-Benutzer\extensions
[2010.04.28 06:53:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\3hjfo65d.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.12 11:56:24 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\1und1-suche.xml
[2010.02.12 11:56:23 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\amazonde.xml
[2008.10.25 11:32:23 | 000,001,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\bibleservercom-lut.xml
[2010.02.12 11:56:23 | 000,010,605 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\gmx-suche.xml
[2008.10.25 11:36:03 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\leo-deu-eng.xml
[2010.02.12 12:07:22 | 000,005,588 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\308fz82j.default\searchplugins\webde-suche.xml
[2011.01.11 19:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.14 07:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.01 07:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 18:43:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 09:44:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 19:31:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.18 07:12:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.18 07:12:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.18 07:12:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.18 07:12:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.18 07:12:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.11 16:26:53 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cssauth] C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [PPS Accelerator] C:\Programme\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\Run: [Sticky Pad] C:\Programme\StickyPad\StickyPad.exe (Green Eclipse)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra->Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218029111640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.06 12:52:35 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.11 13:17:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\DoctorWeb
[2011.01.11 13:10:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andrea\Recent
[2011.01.10 11:06:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Startmenü\Programme\HiJackThis
[2011.01.05 09:44:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.01.05 09:44:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.01.05 09:44:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.12.31 09:46:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\IM2
[2010.12.15 09:02:30 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.15 08:59:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.11 19:35:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3793994210-524462437-3665233683-1005.job
[2011.01.11 19:35:53 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3793994210-524462437-3665233683-1005.job
[2011.01.11 19:26:43 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.01.11 19:26:43 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.11 19:26:43 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.01.11 19:26:43 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.11 19:24:50 | 000,002,284 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2011.01.11 19:24:26 | 000,000,072 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2011.01.11 19:22:43 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011.01.11 19:22:12 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.11 19:21:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.11 19:21:57 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011.01.11 19:21:55 | 1608,962,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.11 19:16:30 | 000,005,211 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\DrWeb.csv
[2011.01.11 11:54:11 | 054,486,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\7zl7xjkf.exe
[2011.01.10 14:53:59 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Römer 8.doc
[2011.01.10 11:06:58 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\HiJackThis.lnk
[2011.01.09 19:09:19 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Mein Problem.doc
[2011.01.09 15:25:21 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.07 10:20:24 | 000,007,850 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2011.01.07 10:20:24 | 000,000,178 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2011.01.05 21:32:16 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Jesaja 61.doc
[2011.01.02 17:47:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.31 09:46:46 | 000,001,269 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\IM2.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.20 17:55:38 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.16 09:51:12 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.11 19:21:55 | 1608,962,048 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.11 19:16:30 | 000,005,211 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\DrWeb.csv
[2011.01.11 11:32:45 | 054,486,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\7zl7xjkf.exe
[2011.01.10 14:53:58 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Römer 8.doc
[2011.01.09 18:47:04 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\LuResult.txt
[2011.01.09 16:02:20 | 000,002,433 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\HiJackThis.lnk
[2011.01.09 16:00:27 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Mein Problem.doc
[2011.01.09 15:25:21 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.05 18:59:06 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\Jesaja 61.doc
[2010.12.31 09:46:46 | 000,001,269 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\IM2.lnk
[2009.11.06 20:47:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2009.06.15 13:51:39 | 000,036,948 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\JuniperExtXP.exe
[2009.06.15 13:51:39 | 000,000,450 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\JuniperExtXP.log
[2009.05.24 12:44:23 | 000,009,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Kommagetrennte Werte (Windows).EML
[2009.05.24 12:43:29 | 000,012,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.03.21 19:59:17 | 000,000,072 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2009.03.21 19:55:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MList.INI
[2009.03.21 19:53:37 | 000,000,143 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini
[2009.03.21 19:53:36 | 000,000,178 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2009.03.21 19:53:30 | 000,007,850 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2009.03.21 19:53:30 | 000,002,284 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2008.11.18 21:20:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008.11.02 19:25:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.11.01 20:36:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.10.24 18:57:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008.09.22 19:11:59 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.06 14:01:03 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.06 12:52:29 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.08.06 12:36:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.08.06 12:35:44 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008.08.06 12:35:29 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.08.06 12:27:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.08.06 12:27:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.08.06 12:27:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.08.06 12:27:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.08.06 12:27:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.08.06 12:27:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.08.06 12:26:01 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2008.08.06 12:25:41 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.08.06 12:15:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008.08.06 12:14:44 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2008.08.06 12:12:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008.08.06 11:58:34 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.08.06 11:53:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2008.08.06 11:53:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2008.08.06 11:50:44 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2005.10.17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005.09.06 09:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.08.10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.12.14 22:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002.12.14 22:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.12.14 22:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.12.14 21:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.11.15 13:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1999.01.23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1979.12.31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== Files - Unicode (All) ==========
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\迅雷软件

< End of report >

ComboFix 11-01-12.04 - Andrea 13.01.2011 19:02:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1534.927 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Andrea\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Andrea\Anwendungsdaten\JuniperExtXP.exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-12-13 bis 2011-01-13 ))))))))))))))))))))))))))))))
.

2011-01-11 12:17 . 2011-01-11 13:21 -------- d-----w- c:\dokumente und einstellungen\Andrea\DoctorWeb
2011-01-10 10:06 . 2011-01-10 10:06 388096 ----a-r- c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 08:46 . 2010-12-31 08:46 -------- d-----w- c:\dokumente und einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\IM2
2010-12-15 08:02 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 07:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-02-10 19:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-02-10 19:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:55 . 2009-05-17 06:59 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 09:27 . 2009-05-17 06:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 11:24 86016 ------w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-14 06:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2009-01-20 18:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:51 . 1979-12-31 22:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 1979-12-31 22:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 1979-12-31 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 1979-12-31 22:00 1853440 ------w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sticky Pad=c:\programme\StickyPad\StickyPad.exe [2007-04-23 528441]
updateMgr=c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
PPS Accelerator=c:\programme\PPStream\ppsap.exe [2009-07-22 210312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPLpr=c:\programme\Synaptics\SynTP\SynTPLpr.exe [2005-09-15 110592]
SynTPEnh=c:\programme\Synaptics\SynTP\SynTPEnh.exe [2005-09-15 512000]
TPKMAPHELPER=c:\programme\ThinkPad\Utilities\TpKmapAp.exe [2005-10-28 864256]
TpShocks=TpShocks.exe [2005-11-07 106496]
TP4EX=tp4ex.exe [2005-10-16 65536]
EZEJMNAP=c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2005-11-17 237568]
TPHOTKEY=c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe [2008-09-30 68976]
SoundMAXPnP=c:\programme\Analog Devices\Core\smax4pnp.exe [2005-12-15 925696]
LPManager=c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe [2009-07-23 185688]
DLA=c:\windows\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
ISUSPM Startup=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
ISUSScheduler=c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
cssauth=c:\programme\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-12-21 1996336]
PDService.exe=c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
DiskeeperSystray=c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2005-11-29 196696]
ACTray=c:\programme\ThinkPad\ConnectUtilities\ACTray.exe [2006-01-31 409600]
ACWLIcon=c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-01-31 98304]
PWRMGRTR=c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL [2005-12-06 151552]
BLOG=c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-12-06 208896]
QuickTime Task=c:\programme\QuickTime\qttask.exe [2008-09-06 413696]
iTunesHelper=c:\programme\iTunes\iTunesHelper.exe [2008-10-01 289576]
avgnt=c:\programme\Avira\AntiVir Desktop\avgnt.exe [2010-11-04 281768]
Easy-PrintToolBox=c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
CanonSolutionMenu=c:\programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
CanonMyPrinter=c:\programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
TVT Scheduler Proxy=c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
StartCCC=c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
LPMailChecker=c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe [2009-07-23 124248]
SunJavaUpdateSched=c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]
TkBellExe=c:\program files\real\realplayer\update\realsched.exe [2010-12-07 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=c:\windows\system32\CTFMON.EXE [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-28 50688]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
DontSetAutoplayCheckbox= 1 (0x1)
NoAutorun= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
DontSetAutoplayCheckbox= 1 (0x1)
NoAutorun= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-08 12:59 39936 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ------w- c:\programme\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 18:14 28672 ------w- c:\programme\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
c:\\Programme\\IM\\IM.exe=
c:\\Programme\\Messenger\\msmsgs.exe=
c:\\Programme\\PPStream\\PPStream.exe=
c:\\Programme\\PPStream\\PPSAP.exe=
c:\\Programme\\Bonjour\\mDNSResponder.exe=
c:\\Programme\\iTunes\\iTunes.exe=
c:\\Programme\\Mozilla Firefox\\firefox.exe=
c:\\Program Files\\Real\\RealPlayer\\realplay.exe=
c:\\Programme\\Gemeinsame Dateien\\Thunder Network\\DS\\Ver1\\1.0.2.21\\ThunderService.exe=
c:\\Programme\\Gemeinsame Dateien\\Thunder Network\\DS\\Ver1\\1.0.2.21\\ThunderLiveUD.exe=
c:\\Programme\\Gemeinsame Dateien\\Thunder Network\\DS\\Ver1\\1.0.2.21\\XLBugReport.exe=
c:\\Programme\\Thunder Network\\Xmp\\xmp.exe=
c:\\Programme\\Thunder Network\\Xmp\\ThunderLiveUD.exe=
c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe=
c:\\Programme\\Skype\\Phone\\Skype.exe=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.05.2009 07:59 135336]
R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15.11.2005 12:11 46142]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [21.12.2005 15:45 3968]
R2 smihlp;SMI helper driver;c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [08.12.2005 13:44 3328]
S4 Dlhe5ntfi;Dlhe5ntfi;c:\windows\system32\drivers\netbios.sys [31.12.1979 23:00 34688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Inhalt des geplante Tasks Ordners

2011-01-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-06 23:12]

2011-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3793994210-524462437-3665233683-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2011-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3793994210-524462437-3665233683-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]

2008-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2008-08-06 15:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.christiantoday.com/
mStart Page = hxxp://dsl-start.computerbild.de/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
FF - ProfilePath - c:\dokumente und einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\3hjfo65d.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Bibleserver.com (LUT)
FF - prefs.js: browser.startup.homepage - www.christiantoday.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 19:09
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - >->winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll

- - - - - - - >->explorer.exe'(4412)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Juniper Networks\Common Files\dsNcService.exe
c:\programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\TpShocks.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-13 19:16:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-13 18:16
ComboFix2.txt 2010-02-11 10:27

Vor Suchlauf: 22 Verzeichnis(se), 16.017.338.368 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 16.232.849.408 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=Microsoft Windows Recovery Console /cmdcons
UnsupportedDebug=do not select this /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Professional /fastdetect

- - End Of File - - D4704482C8B7D0A81E09347E0B664E4C

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000008c

Kernel Drivers (total 170):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F49000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2A000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F04000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xB9EEF000 Shockprf.sys
0xBA0C8000 VolSnap.sys
0xB9ED7000 atapi.sys
0xB9E01000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DE1000 fltmgr.sys
0xB9DCF000 sr.sys
0xB9DB9000 DRVMCDB.SYS
0xBA338000 PxHelp20.sys
0xB9DA2000 KSecDD.sys
0xB9D15000 Ntfs.sys
0xB9CE8000 NDIS.sys
0xB9CCE000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB84A7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xA58B9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xA5891000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xA5854000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xA56F7000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xA56D3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xA6421000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xA56A7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xA85F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xA6579000 \SystemRoot\system32\DRIVERS\irenum.sys
0xBA478000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xA5B62000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA480000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xA6411000 \SystemRoot\system32\DRIVERS\imapi.sys
0xA85EF000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xA6401000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xA63F1000 \SystemRoot\system32\DRIVERS\redbook.sys
0xA5684000 \SystemRoot\system32\DRIVERS\ks.sys
0xA5B5A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xA63E1000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
0xA5D4F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA488000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xA63D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xA5B4E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xA566D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xA5C8D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xA5C7D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xA565C000 \SystemRoot\system32\DRIVERS\psched.sys
0xA5C6D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xA562C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xA5C5D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\psadd.sys
0xA85ED000 \SystemRoot\system32\DRIVERS\swenum.sys
0xA55CE000 \SystemRoot\system32\DRIVERS\update.sys
0xB44A5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xA5C1D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA157E000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA155A000 \SystemRoot\system32\drivers\portcls.sys
0xAE7FC000 \SystemRoot\system32\drivers\drmk.sys
0xA1534000 \SystemRoot\system32\drivers\AEAudio.sys
0xA1500000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA140E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA135B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB5AF3000 \SystemRoot\System32\Drivers\Modem.SYS
0xAE7BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAD61B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA6571000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA717000 \SystemRoot\System32\Drivers\Null.SYS
0xA64BB000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xA64AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA64A3000 \SystemRoot\System32\drivers\vga.sys
0xA656D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA656B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA649B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA6493000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAD60F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1308000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA12AF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA1287000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA1261000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA123F000 \SystemRoot\System32\drivers\afd.sys
0xAE78C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xACED4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA648B000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xA120F000 \??\C:\WINDOWS\system32\Drivers\truecrypt.sys
0xA6483000 \SystemRoot\System32\drivers\Tppwrif.sys
0xA647B000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
0xA593D000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xA5945000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA5935000 \SystemRoot\System32\drivers\Smapint.sys
0xA6569000 \SystemRoot\System32\Drivers\ShockMgr.SYS
0xA11C4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1154000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA6567000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
0xACEB4000 \SystemRoot\System32\Drivers\Fips.SYS
0xA112E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xA5B03000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xBA58C000 \SystemRoot\System32\drivers\ANC.SYS
0xACE64000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9CA6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xACE54000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB0718000 \SystemRoot\System32\Drivers\tcusb.sys
0xB9C96000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB89D6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA1058000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9C92000 \SystemRoot\System32\drivers\Dxapi.sys
0xAE5CB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF062000 \SystemRoot\System32\ati2cqag.dll
0xBF0EB000 \SystemRoot\System32\atikvmag.dll
0xBF158000 \SystemRoot\System32\atiok3x2.dll
0xBF19B000 \SystemRoot\System32\ati3duag.dll
0xBF55B000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9EE43000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA6431000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA726000 \SystemRoot\System32\DLA\DLADResN.SYS
0x9EE2D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAD627000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xAC6A4000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA728000 \??\C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
0xB5AE3000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x9EE16000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x9EE00000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA5915000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x9ED9A000 \SystemRoot\system32\DRIVERS\irda.sys
0xB44C9000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB9C31000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9EB8D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAE5AB000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xA8032000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0x9E994000 \SystemRoot\System32\Drivers\HTTP.sys
0x9EAC1000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0x9EC06000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E8EC000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7480000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0xAC15E000 \??\C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
0xBA7D2000 \??\C:\Programme\SMI2\smi2.sys
0xBA4B0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x9E7B1000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9E544000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA1F8000 \SystemRoot\system32\drivers\sysaudio.sys
0x9CB32000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
952 csrss.exe
984 C:\WINDOWS\system32\winlogon.exe
1028 C:\WINDOWS\system32\services.exe
1040 C:\WINDOWS\system32\lsass.exe
1240 C:\WINDOWS\system32\ibmpmsvc.exe
1272 C:\WINDOWS\system32\ati2evxx.exe
1288 C:\WINDOWS\system32\svchost.exe
1408 svchost.exe
1448 C:\WINDOWS\system32\svchost.exe
1528 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1568 C:\WINDOWS\system32\ati2evxx.exe
1616 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
1840 svchost.exe
1892 svchost.exe
376 C:\WINDOWS\system32\spoolsv.exe
436 C:\Programme\Avira\AntiVir Desktop\sched.exe
568 svchost.exe
908 C:\WINDOWS\system32\IPSSVC.EXE
936 C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
1092 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1344 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1504 C:\Programme\Bonjour\mDNSResponder.exe
1596 C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
236 C:\Programme\Juniper Networks\Common Files\dsNcService.exe
660 C:\WINDOWS\system32\svchost.exe
676 C:\Programme\Canon\IJPLM\ijplmsvc.exe
1148 C:\Programme\Java\jre6\bin\jqs.exe
736 C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
756 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1832 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2064 C:\WINDOWS\system32\svchost.exe
2156 C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
2420 C:\WINDOWS\system32\TPHDEXLG.exe
2448 C:\WINDOWS\system32\TpKmpSvc.exe
2500 ibmtcsd.exe
2536 C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
2576 C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
2692 C:\Programme\Lenovo\System Update\SUService.exe
3204 wmpnetwk.exe
3520 C:\WINDOWS\explorer.exe
2168 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
1380 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2480 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2668 C:\WINDOWS\system32\TpShocks.exe
2740 C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
2788 C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
2812 C:\Programme\Analog Devices\Core\smax4pnp.exe
2836 C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
2960 alg.exe
2964 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3180 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
3328 C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
3384 C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe
204 C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
240 C:\Programme\Lenovo\ZOOM\TpScrex.exe
1312 C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
3248 C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
1648 C:\WINDOWS\system32\rundll32.exe
2372 C:\Programme\iTunes\iTunesHelper.exe
2180 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2280 C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
3880 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2400 C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.EXE
2992 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
3296 C:\Programme\iPod\bin\iPodService.exe
3304 C:\Program Files\Real\RealPlayer\Update\realsched.exe
4028 C:\Programme\StickyPad\StickyPad.exe
2320 C:\Programme\PPStream\PPSAP.exe
3712 C:\Program Files\Digital Line Detect\DLG.exe
4688 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5284 C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
2856 C:\Programme\TrueCrypt\TrueCrypt.exe
5372 C:\WINDOWS\system32\ctfmon.exe
6012 C:\Programme\Mozilla Firefox\firefox.exe
4348 C:\Programme\Mozilla Firefox\plugin-container.exe
2660 C:\Dokumente und Einstellungen\Andrea\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> error 1

PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3IC60H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1CE6F8CB15DF8D4B01EA8B9F2394590D4F78C99A


Found non-standard or infected MBR.
Enter->Y' and hit ENTER for more options, or->N' to exit:

Done!