Hallo,
Kurz ein "Intermezzo"
Nach der Durchführung Deiner Anweisung:
"um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart-> Häckhen raus-> Neustart"
komme ich in eine Art "Endlosschleife".... Es passiert nämlich folgendes:
Nach Systemneustart
1
kommt folgende Meldung:
„Systemkonfigurationsprogramm
Sie haben das Systemkonfigurationsprogramm verwendet, um einige Änderungen an den Windows-Startoptionen vorzunehmen.
Das Systemkonfigurationsprogramm befindet sich zurzeit im Diagnosemodus oder im Modus für den benutzerdefinierten Systemstart. Daher wird diese Mitteilung angezeigt und dieses Programm bei jedem Windows-Systemstart ausgeführt.
Wählen Sie den normalen Systemstart auf der Registerkarte „Allgemein“, um Windows normal zu starten und sämtliche Änderungen, die unter Verwendung des Systemkonfigurationsprogramm durchgeführt wurden, rückgängig zu machen.“
Nach click auf "OK"
2
wird dann das Systemkonfigurationsprogramm geöffnet in der Registerkarte „Allgemein“:
Systemstartauswahl
Benutzerdefinierter Systemstart
Hier sind dann Häckchen an:
Datei SYSTEM.INI verarbeiten
Datei WIN.INI verarbeiten
Systemdienste laden
3
In der Registerkarte „Systemstart“ sieht es dann so aus:
Häckchen an:
igfxtray
igfxpers
hkcmd
Keine häckchen an:
AdobeARM
LifeExp
mbamgui
asseces
msmsgs
launcher
jusched
tp4mon
BTTray
Wenn ich auf OK gehe (da erwartete ich, dass das Systemkonfigurationsprogramm schließt)
4
kommt folgende Meldung:
„Systemkonfiguration
Es wurde ein Zugriffsverweigerungsfehler, beim Versuch einen Dienst zu ändern, zurückgegeben. Sie können sich als Administrator anmelden, um diese Änderung durchzuführen“
Nach click auf OK kommt dann
5
„Systemkonfiguration
Sie müssen den Computer neu starten, damit alle Änderungen an der Systemkonfiguration wirksam werden“
Dann gehe ich auf „Computer neu starten“
6
Danach geht bei Systemneustart es von vorn (also bei 1) los.
:confused:
7
Beim Neustart habe ich dann in der Meldung (siehe 1) unten in das Kästchen "Programm nicht ausführen & Meldung nicht mehr anzeigen" ein Häckchen gesetzt
Nun frage ich Dich: Ist alles ok so? Oder sollte ich irgendwo bei „Systemstart“ im Systemkonfigurationsprogramm doch ein Häckchen irgendwo wieder dran machen?
....Nun zurück zur Hauptsache....
Textfile nach OTL-Fix Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" removed from keyword.URL
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71616d3c-3426-11e1-872b-000e9bdcd09e}\ not found.
File H:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f10fee-00b6-11e0-84a2-000ae43a3f3c}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba18daea-a73e-11df-83b1-000e9bdcd09e}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
ADS C:\WINDOWS\System32\drivers:GbpKmAp.lst deleted successfully.
ADS C:\WINDOWS\system32:E6FFEDAD_Bb.gbp deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\kodak folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Local Settings\Temp folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Local Settings folder moved successfully.
C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Search Settings folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-725345543-1606980848-1004UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-725345543-1606980848-1004Core.job moved successfully. < ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Gaspar\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Gaspar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Gaspar
->Temp folder emptied: 24143938 bytes
->Temporary Internet Files folder emptied: 2384044 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 114655977 bytes
->Flash cache emptied: 527 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 140856 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2366775 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 677375 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 138,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04092012_165544
Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8ac.dat moved successfully.
Registry entries deleted on Reboot... ...Weiter...
Java aktualisierung: erfolgt
Systemreinigung mit CC-cleaner: erfolgt
Superantispyware: Scan Log Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/09/2012 at 06:42 PM
Application Version : 5.0.1146
Core Rules Database Version : 8424
Trace Rules Database Version: 6236
Scan type : Complete Scan
Total Scan Time : 00:57:21
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 543
Memory threats detected : 0
Registry items scanned : 33887
Registry threats detected : 9
File items scanned : 24621
File threats detected : 0
Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www.bancobrasil
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www.bancobrasil#*
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www.bb
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www.bb#*
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www14.bancobrasil
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www14.bancobrasil#*
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www2.bancobrasil
HKU\S-1-5-21-1644491937-725345543-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.br\www2.bancobrasil#* Die Threats wurden dann durch Superantipyware auf Quarantäne gesetzt und entfernt.
...Weiter...
Autorun ausschalten: erfolgt mit TweakUI
Externe Datenträger: angechlossen ohne Autorun
Online Scan mit Eset: erfolgt
...Weiter...
Scan mit OTL: erfolgt
OTL.txt Code:
OTL logfile created on: 09.04.2012 21:59:34 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Gaspar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,42 Mb Total Physical Memory | 321,48 Mb Available Physical Memory | 31,69% Memory free
2,38 Gb Paging File | 1,92 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,39 Gb Total Space | 14,54 Gb Free Space | 57,29% Space Free | Partition Type: NTFS
Drive D: | 30,49 Gb Total Space | 11,45 Gb Free Space | 37,54% Space Free | Partition Type: NTFS
Drive F: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 14,82 Gb Total Space | 6,57 Gb Free Space | 44,30% Space Free | Partition Type: FAT32
Drive I: | 232,88 Gb Total Space | 172,65 Gb Free Space | 74,14% Space Free | Partition Type: NTFS
Computer Name: ADMIN-B7BC655BD | User Name: Gaspar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.04.06 11:49:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.21 17:31:24 | 000,204,872 | ---- | M] ( ) -- C:\Programme\GbPlugin\GbpSv.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.04.22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010.04.22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010.04.22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.03.24 17:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2008.04.14 08:53:04 | 000,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.26 15:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.04.22 17:34:04 | 000,048,128 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll
MOD - [2010.04.22 17:33:36 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll
MOD - [2010.04.22 17:00:26 | 000,020,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.05.20 10:21:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.05.20 10:20:28 | 000,159,744 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2009.05.20 10:19:32 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.05.20 10:17:08 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.05.20 10:15:42 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.05.20 10:13:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.05.20 10:10:26 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2009.05.20 10:09:12 | 000,176,128 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.05.20 09:53:38 | 000,860,160 | ---- | M] () -- C:\Programme\Mobile Partner\NDISAPI.dll
MOD - [2009.03.24 17:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2009.03.10 20:06:04 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2009.03.10 20:06:02 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2009.03.10 20:06:00 | 000,155,648 | R--- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2009.03.10 20:05:58 | 000,561,152 | R--- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.26 15:56:04 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Programme\Mobile Partner\FileManager.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.04.05 01:19:32 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.21 17:31:24 | 000,204,872 | ---- | M] ( ) [Auto | Running] -- C:\Programme\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.04.22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010.04.22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.11.26 15:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.01.30 19:44:47 | 000,042,192 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2012.01.30 19:44:47 | 000,042,192 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2011.12.21 17:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.11.17 15:20:40 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.22 19:38:16 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:24:46 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008.05.12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.11.27 15:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 15:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 10:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.06.29 11:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.05.02 12:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.03.31 12:02:00 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.23 09:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 09:50:00 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.02.08 15:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006.08.29 00:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.08.29 00:11:00 | 000,247,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2006.08.29 00:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.09.28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 19:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.10 20:22:48 | 000,000,000 | ---D | M]
[2011.04.03 12:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Mozilla\Extensions
[2012.03.10 20:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Mozilla\Firefox\Profiles\lz05b281.default\extensions
[2012.04.09 17:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.19 17:02:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.09 17:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.09 17:15:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.19 19:15:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.09 17:15:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.03 21:31:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 21:31:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.03 21:31:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.03 21:31:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
O1 HOSTS File: ([2012.01.30 19:54:33 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{671DEE8C-D947-4BFB-B16A-2BA0A59032AC}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Programme\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.01 21:40:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 03:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 01:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.04.09 19:24:42 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 19:11:42 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2012.04.09 19:11:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP
[2012.04.09 17:39:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.09 17:37:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.09 17:37:33 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.09 17:23:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gaspar\Recent
[2012.04.09 17:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.04.09 17:15:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.09 17:15:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.09 17:15:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.09 17:15:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.09 17:15:03 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.04.09 16:55:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.06 12:28:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.04.06 12:28:08 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.04.06 11:49:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
[2012.04.05 23:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Malwarebytes
[2012.04.05 23:32:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.05 23:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.05 23:31:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.05 23:31:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.05 01:19:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.03 16:54:22 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.02 18:57:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cifras
[2012.03.18 14:22:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.01.30 19:27:52 | 002,139,720 | ---- | C] (Banco do Brasil SA) -- C:\Programme\DiagnosticoBB.exe
========== Files - Modified Within 30 Days ==========
[2012.04.09 21:24:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.09 19:24:49 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 17:34:47 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.04.09 17:32:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.09 17:29:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.09 17:25:37 | 000,039,194 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cc_20120409_172516.reg
[2012.04.09 17:15:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.09 17:15:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.09 17:15:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.09 17:15:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.09 17:15:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.04.07 20:14:07 | 000,072,129 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.04.07 20:13:54 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2012.04.07 14:26:03 | 000,100,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.06 23:24:52 | 000,581,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\15yAnalysisTHAdysplasia.pdf
[2012.04.06 11:49:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
[2012.04.05 01:19:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.05 01:19:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.03.27 23:07:20 | 000,519,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.27 23:07:20 | 000,495,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.27 23:07:20 | 000,101,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.27 23:07:20 | 000,084,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.15 20:07:00 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.04.09 19:11:42 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2012.04.09 17:25:25 | 000,039,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cc_20120409_172516.reg
[2012.04.06 23:24:52 | 000,581,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\15yAnalysisTHAdysplasia.pdf
[2012.04.05 01:19:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.03.10 20:37:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012.02.18 22:58:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.22 23:33:29 | 000,072,129 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.04.22 23:24:56 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2010.11.07 15:11:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.08.29 11:42:31 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.08.29 11:42:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.08.07 14:59:05 | 000,482,312 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.07 11:26:45 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.07.28 21:32:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.08 19:55:09 | 000,100,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.02 12:12:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.06.02 11:36:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.02 11:23:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.06.01 22:28:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.01 22:26:59 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.01 21:44:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.01 21:36:34 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2010.06.02 12:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.22 23:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2012.01.30 19:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GbPlugin
[2011.09.30 11:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.06.02 10:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011.09.30 10:52:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.09 00:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Canneverbe Limited
[2012.04.05 20:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\FileZilla
[2012.03.10 03:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\pdfforge
[2011.09.30 10:53:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\TuneUp Software
[2011.04.22 23:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\XMedia Recode
[2012.04.09 17:34:47 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report > Beim 1. Run war im OTL die Option "Extra-Registrierung" auf "aus"
Nach Änderung auf "Benutze SafeList" nun nochmal die Dateien
OTL.Txt Code:
OTL logfile created on: 09.04.2012 22:27:03 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Gaspar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,42 Mb Total Physical Memory | 455,55 Mb Available Physical Memory | 44,91% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,39 Gb Total Space | 14,54 Gb Free Space | 57,26% Space Free | Partition Type: NTFS
Drive D: | 30,49 Gb Total Space | 11,45 Gb Free Space | 37,54% Space Free | Partition Type: NTFS
Drive F: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 14,82 Gb Total Space | 6,57 Gb Free Space | 44,30% Space Free | Partition Type: FAT32
Drive I: | 232,88 Gb Total Space | 172,65 Gb Free Space | 74,14% Space Free | Partition Type: NTFS
Computer Name: ADMIN-B7BC655BD | User Name: Gaspar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.04.06 11:49:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.21 17:31:24 | 000,204,872 | ---- | M] ( ) -- C:\Programme\GbPlugin\GbpSv.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.04.22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010.04.22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010.04.22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.03.24 17:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2008.04.14 08:53:04 | 000,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.26 15:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.03 15:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.04.22 17:34:04 | 000,048,128 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll
MOD - [2010.04.22 17:33:36 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll
MOD - [2010.04.22 17:00:26 | 000,020,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.05.20 10:21:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.05.20 10:20:28 | 000,159,744 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2009.05.20 10:19:32 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.05.20 10:17:08 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.05.20 10:15:42 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.05.20 10:13:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.05.20 10:10:26 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2009.05.20 10:09:12 | 000,176,128 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.05.20 09:53:38 | 000,860,160 | ---- | M] () -- C:\Programme\Mobile Partner\NDISAPI.dll
MOD - [2009.03.24 17:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2009.03.10 20:06:04 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2009.03.10 20:06:02 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2009.03.10 20:06:00 | 000,155,648 | R--- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2009.03.10 20:05:58 | 000,561,152 | R--- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.26 15:56:04 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Programme\Mobile Partner\FileManager.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.04.05 01:19:32 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.21 17:31:24 | 000,204,872 | ---- | M] ( ) [Auto | Running] -- C:\Programme\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.04.22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010.04.22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.11.26 15:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.01.30 19:44:47 | 000,042,192 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2012.01.30 19:44:47 | 000,042,192 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2011.12.21 17:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.11.17 15:20:40 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.22 19:38:16 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:24:46 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.13 13:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008.05.12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.11.27 15:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 15:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 10:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.06.29 11:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.05.02 12:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.03.31 12:02:00 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.23 09:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 09:50:00 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.02.08 15:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006.08.29 00:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.08.29 00:11:00 | 000,247,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2006.08.29 00:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.09.28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 19:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.10 20:22:48 | 000,000,000 | ---D | M]
[2011.04.03 12:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Mozilla\Extensions
[2012.03.10 20:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Mozilla\Firefox\Profiles\lz05b281.default\extensions
[2012.04.09 17:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.19 17:02:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.09 17:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.09 17:15:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.19 19:15:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.09 17:15:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.03 21:31:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 21:31:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.03 21:31:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.03 21:31:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
O1 HOSTS File: ([2012.01.30 19:54:33 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{671DEE8C-D947-4BFB-B16A-2BA0A59032AC}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Programme\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.01 21:40:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 03:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 01:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.04.09 19:24:42 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 19:11:42 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2012.04.09 19:11:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP
[2012.04.09 17:39:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.09 17:37:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.09 17:37:33 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.09 17:23:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gaspar\Recent
[2012.04.09 17:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.04.09 17:15:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.09 17:15:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.09 17:15:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.09 17:15:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.09 17:15:03 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.04.09 16:55:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.06 12:28:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.04.06 12:28:08 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.04.06 11:49:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
[2012.04.05 23:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Malwarebytes
[2012.04.05 23:32:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.05 23:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.05 23:31:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.05 23:31:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.05 01:19:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.03 16:54:22 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.02 18:57:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cifras
[2012.03.18 14:22:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.01.30 19:27:52 | 002,139,720 | ---- | C] (Banco do Brasil SA) -- C:\Programme\DiagnosticoBB.exe
========== Files - Modified Within 30 Days ==========
[2012.04.09 22:24:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.09 19:24:49 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\esetsmartinstaller_enu.exe
[2012.04.09 17:34:47 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.04.09 17:32:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.09 17:29:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.09 17:25:37 | 000,039,194 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cc_20120409_172516.reg
[2012.04.09 17:15:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.09 17:15:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.09 17:15:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.09 17:15:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.09 17:15:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.04.07 20:14:07 | 000,072,129 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.04.07 20:13:54 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2012.04.07 14:26:03 | 000,100,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.06 23:24:52 | 000,581,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\15yAnalysisTHAdysplasia.pdf
[2012.04.06 11:49:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaspar\Desktop\OTL.exe
[2012.04.05 01:19:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.05 01:19:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.03.27 23:07:20 | 000,519,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.27 23:07:20 | 000,495,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.27 23:07:20 | 000,101,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.27 23:07:20 | 000,084,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.15 20:07:00 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.04.09 19:11:42 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2012.04.09 17:25:25 | 000,039,194 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\cc_20120409_172516.reg
[2012.04.06 23:24:52 | 000,581,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Desktop\15yAnalysisTHAdysplasia.pdf
[2012.04.05 01:19:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.03.10 20:37:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012.02.18 22:58:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.22 23:33:29 | 000,072,129 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.04.22 23:24:56 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2010.11.07 15:11:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.08.29 11:42:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.08.29 11:42:31 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.08.29 11:42:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.08.07 14:59:05 | 000,482,312 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.07 11:26:45 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010.07.28 21:32:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.08 19:55:09 | 000,100,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.02 12:12:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.06.02 11:36:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.02 11:23:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.06.01 22:28:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.01 22:26:59 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.01 21:44:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.01 21:36:34 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2010.06.02 12:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.22 23:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2012.01.30 19:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GbPlugin
[2011.09.30 11:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.06.02 10:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2011.09.30 10:52:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.09 00:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\Canneverbe Limited
[2012.04.05 20:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\FileZilla
[2012.03.10 03:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\pdfforge
[2011.09.30 10:53:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\TuneUp Software
[2011.04.22 23:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaspar\Anwendungsdaten\XMedia Recode
[2012.04.09 17:34:47 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report > Extras.Txt Code:
OTL Extras logfile created on: 09.04.2012 22:27:03 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Gaspar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,42 Mb Total Physical Memory | 455,55 Mb Available Physical Memory | 44,91% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,39 Gb Total Space | 14,54 Gb Free Space | 57,26% Space Free | Partition Type: NTFS
Drive D: | 30,49 Gb Total Space | 11,45 Gb Free Space | 37,54% Space Free | Partition Type: NTFS
Drive F: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 14,82 Gb Total Space | 6,57 Gb Free Space | 44,30% Space Free | Partition Type: FAT32
Drive I: | 232,88 Gb Total Space | 172,65 Gb Free Space | 74,14% Space Free | Partition Type: NTFS
Computer Name: ADMIN-B7BC655BD | User Name: Gaspar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Dokumente und Einstellungen\Gaspar\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{381CC72A-6BC3-430a-A847-A7BCEB63A8A1}" = SPSS 13.0 for Windows
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CE851D7-DD98-489A-9227-5BBE08E7064B}" = ThinkVantage Fingerprint Software
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09E1835-02C7-43F2-99DA-0AE1F39D386D}" = Samsung RAW Converter 3
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"FileZilla Client" = FileZilla Client 3.5.1
"foobar2000" = foobar2000 v0.9.6.9
"InstallShield_{D09E1835-02C7-43F2-99DA-0AE1F39D386D}" = Samsung RAW Converter 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Power Management Driver" = ThinkPad Power Management Driver
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XMedia Recode" = XMedia Recode 2.3.2.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2012 07:36:35 | Computer Name = ADMIN-B7BC655BD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 11.0.0.4454, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.04.2012 19:31:40 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
Error - 05.04.2012 16:26:14 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8202.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 05.04.2012 16:29:33 | Computer Name = ADMIN-B7BC655BD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung AcSvc.exe, Version 5.6.2.57, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00be6107.
Error - 05.04.2012 18:00:23 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 06.04.2012 17:48:04 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 07.04.2012 06:25:28 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 07.04.2012 14:11:24 | Computer Name = ADMIN-B7BC655BD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 5.5.0.124, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.04.2012 09:46:04 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
Error - 09.04.2012 13:44:17 | Computer Name = ADMIN-B7BC655BD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 09.04.2012 13:43:59 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 13:44:02 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 13:44:04 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 13:44:07 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 13:44:10 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 13:44:12 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 14:02:38 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 14:02:41 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 14:02:44 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 09.04.2012 14:02:46 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
< End of report > ...Zwischenfrage...
Sollte ich mit sorgen machen wegen des Eintrags
"Error - 09.04.2012 14:02:46 | Computer Name = ADMIN-B7BC655BD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D."
aus Extras.Txt vom OTL-Scan??
...Weiter...
GMER: hat nicht gefunzt (gemäß Anleitung keinen 2. Versuch gestartet)
...Weiter...
MBR-Check: erfolgt
Logfile Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: HTC426060G9AT00 rev.00P3A0B4 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86554AB8]
3 CLASSPNP[0xF75FCFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000081[0x8654EF18]
5 ACPI[0xF7492620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8650F4A8]
kernel: MBR read successfully
user & kernel MBR OK
Kannst Du mir bitte Kommentare schreiben, auch zu den Zwischenfragen?
-Bezügl Microsoft Security Essentials und Legitimitätsüberprüfung (s. meinen Post von vorgestern) bei Vorinstalliertem MS-O ohne CD/key - bitte um Vorschlag... MSE deinstallieren, anderes Prog stattdessen (falls ja, welches?)
-Bezügl Trusted Zone Einträge checken ggf. bereinigen (s. Deinen Post von vorgestern) - Vorgehensweise? Oder sind die vielleicht durch die Scans/Runs von heute doch beseitigt worden?
Gruß und Danke für die Unterstützung
g |