Pests of all kinds and how to fight them: eType Virus (Windows 7)
#1
eType Virus

Hello everyone,

since you already helped me superbly 2 years ago, I am (unfortunately) turning to you again today, hoping for good support once more!

Yesterday evening I ran an installer (eType), assuming it was a codec program. Unfortunately I approached the matter somewhat naively.

Today I started the PC and there was an error message at startup (unfortunately I no longer have it to hand). It took a very long time for the computer to finish booting. That seemed a bit odd to me.

First I removed the eType program via Windows Software. That took quite a long time, and at the end the icons were still on the desktop. I became suspicious and read online that viruses (problems in general) have occurred with this program. I therefore avoided a restart for the time being and took action right away.

This is what I have done so far:

1. Downloaded Malwarebytes Anti-Malware and ran it following the recommended procedure (there were findings)
2. Downloaded SuperAntiSpyware and ran it following the recommended procedure (there were many findings, which so far exist only in the scan result; I have not taken any further action yet).

I would be glad if you could help me again.
Regards, Dittsche

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Datenbank Version: v2012.04.15.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Peter Lustig :: PETER-6X2VGMUVQ [Administrator]

    15.04.2012 09:24:45
    mbam-log-2012-04-15 (11-19-22).txt

    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 288637
    Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)

    Infizierte Speicherprozesse: 1
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 772 -> Keine Aktion durchgeführt.

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 2
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 3
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
    C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
    C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

    (Ende)

    SUPERAntiSpyware Scan Log
    hxxp://www.superantispyware.com

    Generated 04/15/2012 at 03:09 PM

    Application Version : 5.0.1146

    Core Rules Database Version : 8458
    Trace Rules Database Version: 6270

    Scan type : Complete Scan
    Total Scan Time : 02:30:32

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 631
    Memory threats detected : 0
    Registry items scanned : 34713
    Registry threats detected : 20
    File items scanned : 98937
    File threats detected : 602

    PUP.bProtector
    Adware.Tracking Cookie

It would be nice if someone could help me further :-)

* Bump! *

21:05: I have now removed the malicious files and had to restart. Again an error message at startup that the memory could not be accessed. The kicker: I now get a message that eType has finished installing. Please help!
#2
/// Winkelfunktion /// TB-Süch-Tiger™
eType Virus

Please run ESET as well; after that we'll see what's next:

ESET Online Scanner
#3
eType Virus

Hello Arne,

thank you very much for your support! I'll get back to you as soon as the scan is finished. Unfortunately it's dragging on a bit. See you later!

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=1dcb8dec78bb494d9df07f6a14101216
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-04-15 09:25:21
    # local_time=2012-04-15 11:25:21 (+0100, Westeuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1792 16777191 100 0 14101068 14101068 0 0
    # compatibility_mode=8192 67108863 100 0 254 254 0 0
    # scanned=93621
    # found=7
    # cleaned=0
    # scan_time=6056
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector\bProtect.exe a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
    C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5UTYTPOZ\SetupDataMngr_Searchqu[1].exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
    C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\protector.dll a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
    ${Memory} multiple threats 00000000000000000000000000000000 I

Entered: 23:49

7:10: The same problems again on restart. Error message at startup that the memory cannot be accessed. In addition, I am told that eType is finished and "downloding extending eType".
#4
/// Winkelfunktion /// TB-Süch-Tiger™
eType Virus

Please post everything in CODE tags here where possible. This is how it's done:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here

Custom scan with OTL
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Please always post log files in CODE tags
#5
eType Virus

Here you go
Code:
ATTFilter OTL logfile created on: 16.04.2012 17:03:12 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free 4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) 
-- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007.07.05 15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- 
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe MOD - [2010.04.13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- 
%SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35) DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) 
Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/ IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M] [2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions [2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions [2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions [2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB 
Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com [2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml [2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2011.09.29 03:24:37 | 
000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - 
Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - 
Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - 
Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - 
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm () Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !) Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !) Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412
[2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType
[2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.16 16:27:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 21:16:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini
[2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll [2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4 [2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4 [2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4 [2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll [2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2011.11.03 20:01:21 | 
000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini [2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat [2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat [2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll [2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys [2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll [2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll [2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll [2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll [2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll [2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll [2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll [2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll [2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.11.10 
15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest [2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV [2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector [2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService [2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir [2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2012.03.29 20:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft [2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype [2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ [2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software [2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- 
C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe [2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira [2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss [2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft [2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype [2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ [2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities [2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield [2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia [2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes [2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic [2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft [2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web 
Folders [2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla [2012.04.15 23:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype [2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun [2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice [2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com [2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software [2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc [2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe [2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- 
C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 08:52:12 | 000,056,320 | 
---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys [2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- 
C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- 
C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > Code:
OTL Extras logfile created on: 16.04.2012 17:03:12 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free
4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"audcle" = Plus! MP3 Audio Converter LE
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced)
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Updater Service" = Updater Service
"VLC media player" = VLC media player 1.1.11
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveSlide Player" = ActiveSlide Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.12.2011 13:50:46 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wiaacmgr.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.12.2011 16:34:47 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
Error - 06.12.2011 16:38:22 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
Error - 07.12.2011 14:27:23 | Computer Name = PETER-6X2VGMUVQ | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 07.12.2011 14:29:31 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.12.2011 09:14:43 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xd461bc] Bitte Avira informieren
und die obige Datei übersenden!
Error - 11.01.2012 09:38:40 | Computer Name = PETER-6X2VGMUVQ | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 14.01.2012 15:52:39 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30.01.2012 09:42:09 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xd461bc] Bitte Avira informieren
und die obige Datei übersenden!
Error - 09.02.2012 09:02:19 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 16.04.2012 07:10:11 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
Error - 16.04.2012 07:10:12 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 16.04.2012 09:47:07 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
Error - 16.04.2012 09:47:08 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
|
| | #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | eType Virus Quote:
Via the Control Panel, under Software or Programs and Features, uninstall everything where "Toolbar" appears. For future program installations, always choose the custom installation method so that you can deselect any toolbars during installation. While you are at it, also uninstall all other unnecessary programs via the Control Panel. Afterwards, please create a new OTL log.
|
| | #7 |
| eType Virus Thank you very much! OTL is now running following your procedure above. I will send everything as soon as it has finished. What still really puzzles me, though, is that eType shows up again at every startup even though it was actually uninstalled. Maybe you have an idea about that? See you later! 21:15: I hope I have deleted everything! Attached is the new scan: Code:
ATTFilter OTL logfile created on: 16.04.2012 20:49:47 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,86% Memory free 4,83 Gb Paging File | 3,65 Gb Available in Paging File | 75,47% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 128,00 Gb Total Space | 100,88 Gb Free Space | 78,82% Space Free | Partition Type: NTFS Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe PRC - [2012.03.19 15:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- 
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007.07.05 
15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe MOD - [2012.04.14 20:27:09 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2012.03.19 15:40:15 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.02.14 21:57:36 | 000,085,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko11.dll MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.04.13 18:45:44 | 
000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll MOD - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - 
[2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35) DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) 
Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/ IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms} IE - 
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms} IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M] [2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions [2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions [2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions [2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB 
Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com [2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml [2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2011.09.29 03:24:37 | 
000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP) O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- 
[ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk - - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm () Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !) Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !) Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe [2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe [2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412 [2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com [2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes [2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes 
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType [2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype [2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector [2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService [2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice [2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun [2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.16 20:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.16 19:20:39 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe [2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe [2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk 
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll [2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk [2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4 [2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4 [2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4 [2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini [2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk 
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll [2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4 [2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4 [2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4 [2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll [2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2011.11.03 20:01:21 | 
000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini [2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat [2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat [2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll [2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys [2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll [2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll [2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll [2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll [2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll [2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll [2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll [2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll [2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.11.10 
15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest [2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV [2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector [2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService [2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir [2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2012.04.16 20:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft [2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype [2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ [2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software [2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- 
C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe [2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira [2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss [2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft [2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype [2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ [2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities [2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield [2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia [2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes [2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic [2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft [2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web 
Folders [2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla [2012.04.16 20:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype [2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun [2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice [2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com [2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software [2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc [2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe [2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | eType Virus Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can do lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #9 |
| eType Virus 23:22: OTL crashed. The following message appeared: "Cannot create file c:\WINDOWS\SYSTEM32\drivers\etc\Hots". Still: at least the message from eType no longer appeared. At the beginning of startup, however, the old error message still comes up. |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | eType Virus Please repeat the fix in Safe Mode
__________________ Please always post log files in CODE tags |
| | #11 |
| eType Virus Now it worked. On the restart triggered by OTL, however, the error message unfortunately appeared again. Here is the log file: Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://start.icq.com/em/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml not found.
File C:\Programme\mozilla firefox\searchplugins\Search_Results.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0230100-3044-43b1-a44e-70dc12fd418c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d0230100-3044-43b1-a44e-70dc12fd418c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\eType not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Peter Lustig
->Temp folder emptied: 187856 bytes
->Temporary Internet Files folder emptied: 859602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177013301 bytes
->Flash cache emptied: 1358 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 190464 bytes
Total Files Cleaned = 170,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Peter Lustig
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04172012_181150
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | eType Virus Now (in normal Windows mode) please run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
| | #13 |
| eType Virus Thanks! Attached is the log file: Code:
20:09:22.0437 3984 Messenger - ok
20:09:22.0468 3984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:22.0656 3984 mnmdd - ok
20:09:22.0687 3984 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
20:09:22.0859 3984 mnmsrvc - ok
20:09:22.0890 3984 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:09:23.0062 3984 Modem - ok
20:09:23.0062 3984 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:23.0234 3984 Mouclass - ok
20:09:23.0265 3984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:23.0437 3984 MountMgr - ok
20:09:23.0453 3984 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:09:23.0640 3984 MPE - ok
20:09:23.0640 3984 mraid35x - ok
20:09:23.0656 3984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:23.0828 3984 MRxDAV - ok
20:09:23.0875 3984 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:23.0953 3984 MRxSmb - ok
20:09:23.0968 3984 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
20:09:24.0140 3984 MSDTC - ok
20:09:24.0156 3984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:24.0312 3984 Msfs - ok
20:09:24.0328 3984 MSIServer - ok
20:09:24.0343 3984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:24.0515 3984 MSKSSRV - ok
20:09:24.0531 3984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:24.0703 3984 MSPCLOCK - ok
20:09:24.0734 3984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:24.0890 3984 MSPQM - ok
20:09:24.0921 3984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:25.0093 3984 mssmbios - ok
20:09:25.0109 3984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:25.0281 3984 MSTEE - ok
20:09:25.0312 3984 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:25.0328 3984 Mup - ok
20:09:25.0359 3984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:25.0531 3984 NABTSFEC - ok
20:09:25.0578 3984 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:09:25.0781 3984 napagent - ok
20:09:25.0796 3984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:25.0968 3984 NDIS - ok
20:09:25.0984 3984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:26.0156 3984 NdisIP - ok
20:09:26.0218 3984 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:26.0265 3984 NdisTapi - ok
20:09:26.0281 3984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:26.0453 3984 Ndisuio - ok
20:09:26.0468 3984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:26.0625 3984 NdisWan - ok
20:09:26.0671 3984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:26.0734 3984 NDProxy - ok
20:09:26.0750 3984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:26.0921 3984 NetBIOS - ok
20:09:26.0953 3984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:27.0109 3984 NetBT - ok
20:09:27.0156 3984 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0328 3984 NetDDE - ok
20:09:27.0343 3984 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0515 3984 NetDDEdsdm - ok
20:09:27.0531 3984 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:27.0703 3984 Netlogon - ok
20:09:27.0734 3984 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:09:27.0921 3984 Netman - ok
20:09:27.0984 3984 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:09:28.0015 3984 NetTcpPortSharing - ok
20:09:28.0093 3984 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
20:09:28.0312 3984 NETw4x32 - ok
20:09:28.0328 3984 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:09:28.0500 3984 NIC1394 - ok
20:09:28.0546 3984 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:09:28.0578 3984 Nla - ok
20:09:28.0609 3984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:28.0781 3984 Npfs - ok
20:09:28.0812 3984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:29.0031 3984 Ntfs - ok
20:09:29.0078 3984 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:29.0234 3984 NtLmSsp - ok
20:09:29.0328 3984 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:09:29.0515 3984 NtmsSvc - ok
20:09:29.0562 3984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:29.0953 3984 Null - ok
20:09:30.0000 3984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:30.0171 3984 NwlnkFlt - ok
20:09:30.0171 3984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:30.0343 3984 NwlnkFwd - ok
20:09:30.0375 3984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:09:30.0546 3984 ohci1394 - ok
20:09:30.0578 3984 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:09:30.0609 3984 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:09:30.0609 3984 OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:09:30.0625 3984 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:09:30.0656 3984 ose - ok
20:09:30.0687 3984 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:09:30.0890 3984 Parport - ok
20:09:30.0890 3984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:31.0062 3984 PartMgr - ok
20:09:31.0093 3984 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:31.0265 3984 ParVdm - ok
20:09:31.0296 3984 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:31.0468 3984 PCI - ok
20:09:31.0484 3984 PCIDump - ok
20:09:31.0484 3984 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:09:31.0656 3984 PCIIde - ok
20:09:31.0671 3984 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:31.0828 3984 Pcmcia - ok
20:09:31.0843 3984 PDCOMP - ok
20:09:31.0859 3984 PDFRAME - ok
20:09:31.0859 3984 PDRELI - ok
20:09:31.0875 3984 PDRFRAME - ok
20:09:31.0890 3984 perc2 - ok
20:09:31.0906 3984 perc2hib - ok
20:09:31.0968 3984 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:31.0984 3984 PlugPlay - ok
20:09:32.0031 3984 Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe
20:09:32.0062 3984 Pml Driver HPZ12 - ok
20:09:32.0125 3984 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:32.0281 3984 PolicyAgent - ok
20:09:32.0312 3984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:32.0468 3984 PptpMiniport - ok
20:09:32.0484 3984 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:09:32.0671 3984 Processor - ok
20:09:32.0671 3984 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:32.0843 3984 ProtectedStorage - ok
20:09:32.0859 3984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:33.0046 3984 PSched - ok
20:09:33.0046 3984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:33.0218 3984 Ptilink - ok
20:09:33.0234 3984 ql1080 - ok
20:09:33.0250 3984 Ql10wnt - ok
20:09:33.0265 3984 ql12160 - ok
20:09:33.0281 3984 ql1240 - ok
20:09:33.0296 3984 ql1280 - ok
20:09:33.0296 3984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:33.0468 3984 RasAcd - ok
20:09:33.0515 3984 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:09:33.0687 3984 RasAuto - ok
20:09:33.0703 3984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:33.0890 3984 Rasl2tp - ok
20:09:33.0921 3984 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:09:34.0093 3984 RasMan - ok
20:09:34.0109 3984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:34.0265 3984 RasPppoe - ok
20:09:34.0281 3984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:34.0453 3984 Raspti - ok
20:09:34.0484 3984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:34.0656 3984 Rdbss - ok
20:09:34.0671 3984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:34.0828 3984 RDPCDD - ok
20:09:34.0859 3984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:35.0015 3984 rdpdr - ok
20:09:35.0062 3984 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:35.0125 3984 RDPWD - ok
20:09:35.0156 3984 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:09:35.0328 3984 RDSessMgr - ok
20:09:35.0343 3984 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:35.0515 3984 redbook - ok
20:09:35.0546 3984 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:09:35.0718 3984 RemoteAccess - ok
20:09:35.0750 3984 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
20:09:35.0906 3984 RemoteRegistry - ok
20:09:35.0921 3984 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
20:09:36.0093 3984 RpcLocator - ok
20:09:36.0125 3984 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:36.0156 3984 RpcSs - ok
20:09:36.0203 3984 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
20:09:36.0375 3984 RSVP - ok
20:09:36.0421 3984 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:09:36.0593 3984 rtl8139 - ok
20:09:36.0625 3984 s217bus (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
20:09:36.0656 3984 s217bus - ok
20:09:36.0687 3984 s217mdfl (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
20:09:36.0703 3984 s217mdfl - ok
20:09:36.0734 3984 s217mdm (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
20:09:36.0750 3984 s217mdm - ok
20:09:36.0781 3984 s217mgmt (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
20:09:36.0796 3984 s217mgmt - ok
20:09:36.0812 3984 s217nd5 (11cc5d7f992799e7e75d018e9c018563) C:\WINDOWS\system32\DRIVERS\s217nd5.sys
20:09:36.0843 3984 s217nd5 - ok
20:09:36.0859 3984 s217obex (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
20:09:36.0890 3984 s217obex - ok
20:09:36.0890 3984 s217unic (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
20:09:36.0921 3984 s217unic - ok
20:09:36.0937 3984 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:37.0109 3984 SamSs - ok
20:09:37.0187 3984 SASDIFSV (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
20:09:37.0203 3984 SASDIFSV - ok
20:09:37.0203 3984 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
20:09:37.0234 3984 SASKUTIL - ok
20:09:37.0250 3984 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:09:37.0437 3984 SCardSvr - ok
20:09:37.0468 3984 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:09:37.0640 3984 Schedule - ok
20:09:37.0687 3984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:37.0781 3984 Secdrv - ok
20:09:37.0796 3984 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:09:37.0968 3984 seclogon - ok
20:09:38.0000 3984 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:09:38.0078 3984 seehcri - ok
20:09:38.0093 3984 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:09:38.0281 3984 SENS - ok
20:09:38.0312 3984 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:09:38.0484 3984 Serial - ok
20:09:38.0515 3984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:09:38.0687 3984 Sfloppy - ok
20:09:38.0734 3984 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:09:38.0906 3984 SharedAccess - ok
20:09:38.0953 3984 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:38.0968 3984 ShellHWDetection - ok
20:09:39.0000 3984 Shockprf (e22ef09693396bfeda7edc47b6c16e26) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
20:09:39.0015 3984 Shockprf - ok
20:09:39.0031 3984 Simbad - ok
20:09:39.0046 3984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:39.0234 3984 SLIP - ok
20:09:39.0250 3984 Sparrow - ok
20:09:39.0328 3984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:39.0484 3984 splitter - ok
20:09:39.0515 3984 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:09:39.0578 3984 Spooler - ok
20:09:39.0593 3984 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:39.0687 3984 sr - ok
20:09:39.0703 3984 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
20:09:39.0968 3984 srservice - ok
20:09:40.0000 3984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:40.0062 3984 Srv - ok
20:09:40.0078 3984 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:09:40.0171 3984 SSDPSRV - ok
20:09:40.0203 3984 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:09:40.0234 3984 ssmdrv - ok
20:09:40.0234 3984 SSPORT - ok
20:09:40.0265 3984 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:09:40.0453 3984 stisvc - ok
20:09:40.0484 3984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:40.0656 3984 streamip - ok
20:09:40.0671 3984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:40.0843 3984 swenum - ok
20:09:40.0859 3984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:41.0031 3984 swmidi - ok
20:09:41.0031 3984 SwPrv - ok
20:09:41.0046 3984 symc810 - ok
20:09:41.0062 3984 symc8xx - ok
20:09:41.0078 3984 sym_hi - ok
20:09:41.0093 3984 sym_u3 - ok
20:09:41.0125 3984 SynTP (b248b5fe80b285b91cb1e6f85b0ae1d7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:09:41.0203 3984 SynTP - ok
20:09:41.0234 3984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:41.0406 3984 sysaudio - ok
20:09:41.0437 3984 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:09:41.0609 3984 SysmonLog - ok
20:09:41.0640 3984 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:09:41.0812 3984 TapiSrv - ok
20:09:41.0875 3984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:41.0937 3984 Tcpip - ok
20:09:41.0953 3984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:42.0109 3984 TDPIPE - ok
20:09:42.0156 3984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:42.0328 3984 TDTCP - ok
20:09:42.0343 3984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:42.0500 3984 TermDD - ok
20:09:42.0531 3984 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:09:42.0718 3984 TermService - ok
20:09:42.0750 3984 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:42.0781 3984 Themes - ok
20:09:42.0796 3984 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
20:09:42.0890 3984 TlntSvr - ok
20:09:42.0906 3984 TosIde - ok
20:09:42.0953 3984 TPDIGIMN (a44928f04032d49a6c2e151f869fb152) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
20:09:42.0968 3984 TPDIGIMN - ok
20:09:42.0984 3984 TPHDEXLGSVC (33d918574810b910de2cc18874d51c97) C:\WINDOWS\system32\TPHDEXLG.exe
20:09:43.0015 3984 TPHDEXLGSVC - ok
20:09:43.0046 3984 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
20:09:43.0093 3984 TPHKDRV - ok
20:09:43.0109 3984 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:09:43.0125 3984 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0125 3984 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:09:43.0140 3984 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:09:43.0296 3984 TrkWks - ok
20:09:43.0328 3984 TSMAPIP (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:09:43.0343 3984 TSMAPIP - ok
20:09:43.0421 3984 TUWinStylerThemeSvc (8f5d673617d0101fc85dd30a27fc20c4) C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
20:09:43.0453 3984 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0453 3984 TUWinStylerThemeSvc - detected UnsignedFile.Multi.Generic (1)
20:09:43.0468 3984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:43.0656 3984 Udfs - ok
20:09:43.0656 3984 UIUSys - ok
20:09:43.0671 3984 ultra - ok
20:09:43.0687 3984 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
20:09:43.0765 3984 UMWdf - ok
20:09:43.0796 3984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:44.0000 3984 Update - ok
20:09:44.0031 3984 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:09:44.0140 3984 upnphost - ok
20:09:44.0156 3984 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:09:44.0343 3984 UPS - ok
20:09:44.0359 3984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:09:44.0515 3984 usbccgp - ok
20:09:44.0562 3984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:44.0734 3984 usbehci - ok
20:09:44.0781 3984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:44.0937 3984 usbhub - ok
20:09:44.0953 3984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:45.0125 3984 usbprint - ok
20:09:45.0156 3984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:45.0312 3984 usbscan - ok
20:09:45.0343 3984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:45.0500 3984 USBSTOR - ok
20:09:45.0531 3984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:45.0687 3984 usbuhci - ok
20:09:45.0703 3984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:45.0859 3984 VgaSave - ok
20:09:45.0875 3984 ViaIde - ok
20:09:45.0890 3984 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:46.0062 3984 VolSnap - ok
20:09:46.0093 3984 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:09:46.0187 3984 VSS - ok
20:09:46.0218 3984 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
20:09:46.0390 3984 W32Time - ok
20:09:46.0421 3984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:46.0593 3984 Wanarp - ok
20:09:46.0593 3984 WDICA - ok
20:09:46.0625 3984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:46.0796 3984 wdmaud - ok
20:09:46.0828 3984 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:09:46.0984 3984 WebClient - ok
20:09:47.0046 3984 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:47.0093 3984 winachsf - ok
20:09:47.0156 3984 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:09:47.0328 3984 winmgmt - ok
20:09:47.0390 3984 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
20:09:47.0437 3984 WmdmPmSN - ok
20:09:47.0484 3984 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
20:09:47.0531 3984 Wmi - ok
20:09:47.0578 3984 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:09:47.0734 3984 WmiApSrv - ok
20:09:47.0765 3984 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:09:47.0796 3984 WpdUsb - ok
20:09:47.0921 3984 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:09:47.0968 3984 WPFFontCache_v0400 - ok
20:09:48.0031 3984 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:09:48.0203 3984 wscsvc - ok
20:09:48.0234 3984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:09:48.0406 3984 WSTCODEC - ok
20:09:48.0421 3984 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:09:48.0609 3984 wuauserv - ok
20:09:48.0656 3984 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:09:48.0875 3984 WZCSVC - ok
20:09:48.0906 3984 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:09:49.0093 3984 xmlprov - ok
20:09:49.0125 3984 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:09:49.0359 3984 \Device\Harddisk0\DR0 - ok
20:09:49.0359 3984 Boot (0x1200) (3d31d5bc0e6e03e30ce042d04bd4f953) \Device\Harddisk0\DR0\Partition0
20:09:49.0359 3984 \Device\Harddisk0\DR0\Partition0 - ok
20:09:49.0406 3984 Boot (0x1200) (1f70e1be3945d5cc3fd28bd642382d80) \Device\Harddisk0\DR0\Partition1
20:09:49.0421 3984 \Device\Harddisk0\DR0\Partition1 - ok
20:09:49.0421 3984 ============================================================
20:09:49.0421 3984 Scan finished
20:09:49.0421 3984 ============================================================
20:09:49.0531 3612 Detected object count: 10
20:09:49.0531 3612 Actual detected object count: 10
20:12:14.0000 3612 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0000 3612 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612 TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | eType Virus Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #15 |
| eType Virus Attached is the log file: Combofix Logfile: Code:
ComboFix 12-04-16.04 - Peter Lustig 17.04.2012 21:14:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3062.2558 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Peter Lustig\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\pthreadVC.dll
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-17 bis 2012-04-17 ))))))))))))))))))))))))))))))
.
.
2012-04-17 16:07 . 2012-04-17 16:07 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-04-16 19:45 . 2012-04-16 19:45 -------- d-----w- C:\_OTL
2012-04-15 19:40 . 2012-04-15 19:40 -------- d-----w- c:\programme\ESET
2012-04-15 10:32 . 2012-04-15 10:32 -------- d-----w- c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 10:31 . 2012-04-15 10:32 -------- d-----w- c:\programme\SUPERAntiSpyware
2012-04-15 10:31 . 2012-04-15 10:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 07:23 . 2012-04-15 07:23 -------- d-----w- c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-04-15 07:23 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 22:29 . 2012-04-15 07:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\bProtector
2012-04-14 22:29 . 2012-04-14 22:29 793080 ----a-w- c:\windows\system32\protector.dll
2012-04-14 22:29 . 2012-04-14 22:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService
2012-04-04 11:47 . 2012-04-04 11:47 -------- d-----w- c:\programme\DVDVideoSoft
2012-04-02 11:54 . 2012-04-02 11:54 -------- d-----w- c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
2012-04-02 11:52 . 2012-04-14 18:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 11:41 . 2012-04-02 12:10 -------- d-----w- c:\programme\Sun
2012-03-20 17:47 . 2012-03-20 17:47 -------- d-----w- c:\dokumente und einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
2012-03-19 13:40 . 2012-03-19 13:40 592824 ----a-w- c:\programme\Mozilla Firefox\gkmedias.dll
2012-03-19 13:40 . 2012-03-19 13:40 44472 ----a-w- c:\programme\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:27 . 2011-11-04 20:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 06:46 . 2012-03-02 06:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 06:46 . 2011-11-19 15:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:00 . 2001-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2001-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2001-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2001-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2001-08-18 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-11-03 15:42 385024 ------w- c:\windows\system32\html.iec
2012-02-15 14:36 . 2011-11-04 19:11 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2001-08-18 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 13:40 . 2011-11-04 19:23 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\NetWaiting.exe" [2007-01-08 26152]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2011-11-4 50688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\programme\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\programme\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=protector.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-11-04 20:34 127040 ----a-w- c:\programme\ICQ7.6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-08-14 08:10 614400 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ7.6\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.09.2007 17:28 19504]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.11.2011 21:11 36000]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.11.2011 21:11 86224]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [03.11.2011 19:02 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [03.11.2011 19:02 389120]
R2 IBUpdaterService;Updater Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe [15.04.2012 00:29 342968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13.11.2011 16:30 90112]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [03.11.2011 19:04 474880]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.11.2011 16:31 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 13:52 253088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2006\SystemOptimizer.exe [2005-08-24 01:29]
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2012-04-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-11-04 16:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.aspx?ctid=ct2269050&searchsource=3&q={searchterms}
FF - prefs.js: browser.search.selectedengine - google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/em/
FF - prefs.js: keyword.url - hxxp://dts.search-results.com/sr?src=ffb&appid=286&systemid=406&sr=0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Toolbar-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Notify-ACNotify - ACNotify.dll
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-17 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-17 21:25:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-17 19:25
.
Vor Suchlauf: 10 Verzeichnis(se), 110.822.125.568 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 110.696.505.344 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - C5BE54E6C021F37F63153A9DEA4D1182
10:45 a.m.: The error message now no longer appears at startup either!