
All Kinds of Pests and How to Combat Them: eType Virus

15.04.2012, 14:43   #1
Dittsche182
 



Hello everyone,

since you helped me superbly two years ago, I am (unfortunately) turning to you again today, hoping for good support once more!

Yesterday evening I ran an installer (eType), assuming it was a codec program. Unfortunately I went about it a bit naively..

Today I started the PC and there was an error message at startup (unfortunately I no longer have it to hand). It took a very long time for the computer to finish booting. That seemed a bit odd to me. First I removed the eType program via Windows "Software" (Add or Remove Programs). That took quite a long time, and at the end the icons were still on the desktop. I became suspicious and read online that viruses (problems in general) have occurred with this program. I therefore held off on restarting for the time being and took action right away.

I have done the following so far:

1. Downloaded Malwarebytes Anti-Malware and ran it following the recommended procedure (there were detections)
2. Downloaded SUPERAntiSpyware and ran it following the recommended procedure (there were many detections, which so far exist only as scan results; I have not taken any further action yet).

I would be glad if you could help me again.

Regards, Dittsche

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Peter Lustig :: PETER-6X2VGMUVQ [Administrator]

15.04.2012 09:24:45
mbam-log-2012-04-15 (11-19-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288637
Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 772 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

(Ende)




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2012 at 03:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 02:30:32

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 34713
Registry threats detected : 20
File items scanned : 98937
File threats detected : 602

PUP.bProtector
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ hxxp://search.etype.com/?smart=1 ]
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} ]
HKLM\System\CurrentControlSet\Services\bProtector
HKLM\System\CurrentControlSet\Services\bProtector#Type
HKLM\System\CurrentControlSet\Services\bProtector#Start
HKLM\System\CurrentControlSet\Services\bProtector#ErrorControl
HKLM\System\CurrentControlSet\Services\bProtector#ImagePath
HKLM\System\CurrentControlSet\Services\bProtector#DisplayName
HKLM\System\CurrentControlSet\Services\bProtector#ObjectName
HKLM\System\CurrentControlSet\Services\bProtector#Description
HKLM\System\CurrentControlSet\Services\bProtector#FailureActions
HKLM\System\CurrentControlSet\Services\bProtector\Security
HKLM\System\CurrentControlSet\Services\bProtector\Security#Security
HKLM\System\CurrentControlSet\Services\bProtector\Enum
HKLM\System\CurrentControlSet\Services\bProtector\Enum#0
HKLM\System\CurrentControlSet\Services\bProtector\Enum#Count
HKLM\System\CurrentControlSet\Services\bProtector\Enum#NextInstance
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#DisplayName
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstallString

Adware.Tracking Cookie

It would be nice if someone could help me further :-)

* Bump! *

21:05: I have now removed the malicious files and had to restart.

Again an error message at startup, saying that the memory could not be accessed.

The kicker: I now get a message that eType has finished installing..

Please help!

15.04.2012, 20:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please also run ESET; after that we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


15.04.2012, 21:09   #3
Dittsche182
 



Hello Arne,

many thanks for your support! I'll get back to you as soon as the scan is through. Unfortunately it's dragging on a bit.

See you later!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1dcb8dec78bb494d9df07f6a14101216
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 09:25:21
# local_time=2012-04-15 11:25:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 14101068 14101068 0 0
# compatibility_mode=8192 67108863 100 0 254 254 0 0
# scanned=93621
# found=7
# cleaned=0
# scan_time=6056
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector\bProtect.exe a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5UTYTPOZ\SetupDataMngr_Searchqu[1].exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\protector.dll a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I

Entry: 23:49

7:10: On restart, the same problems again. Error message at startup that the memory cannot be accessed. In addition, it reports that eType is finished and "downloding extending eType".

16.04.2012, 10:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here



CustomScan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick "Scan All Users"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
Please always post log files in CODE tags

16.04.2012, 16:22   #5
Dittsche182
 



Here you go

Code:
OTL logfile created on: 16.04.2012 17:03:12 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free
4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2010.04.13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll
MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll
MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M]
 
[2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions
[2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412
[2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType
[2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.16 16:27:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 21:16:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini
[2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011.11.03 20:01:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.11.10 15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.03.29 20:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe
[2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira
[2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities
[2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield
[2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia
[2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic
[2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft
[2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web Folders
[2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla
[2012.04.15 23:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype
[2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun
[2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc
[2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
[2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >
         
Ah. I completely overlooked that one. That should be everything now.

Code:
OTL Extras logfile created on: 16.04.2012 17:03:12 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free
4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net  (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net  (04/04/2007 9.0.4.36)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"audcle" = Plus! MP3 Audio Converter LE
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced)
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Updater Service" = Updater Service
"VLC media player" = VLC media player 1.1.11
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveSlide Player" = ActiveSlide Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2011 13:50:46 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wiaacmgr.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.12.2011 16:34:47 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
 Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
 
Error - 06.12.2011 16:38:22 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
 Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
 
Error - 07.12.2011 14:27:23 | Computer Name = PETER-6X2VGMUVQ | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
 
Error - 07.12.2011 14:29:31 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.12.2011 09:14:43 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0xd461bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 11.01.2012 09:38:40 | Computer Name = PETER-6X2VGMUVQ | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown 
 
Error - 14.01.2012 15:52:39 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.01.2012 09:42:09 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0xd461bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 09.02.2012 09:02:19 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.04.2012 07:10:11 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 07:10:12 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 16.04.2012 09:47:07 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 09:47:08 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         


16.04.2012, 19:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

Via the Control Panel, under Add or Remove Programs (or Programs and Features), uninstall everything where Toolbar appears. For future program installations, always click the custom installation method so that any bundled toolbars can be deselected during installation.
While you're at it, also uninstall all other unnecessary programs via the Control Panel.

After that, please make a new OTL log again.

16.04.2012, 19:52   #7
Dittsche182
 



Thank you very much! OTL is now running following your procedure above. I'll send everything as soon as it has finished.

What still puzzles me a lot, though, is that eType shows up again at every startup, even though it was actually uninstalled. Maybe you have an idea about that?

See you later!

21:15: I hope I have deleted everything! Attached is the new scan:

Code:
OTL logfile created on: 16.04.2012 20:49:47 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,86% Memory free
4,83 Gb Paging File | 3,65 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,88 Gb Free Space | 78,82% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.03.19 15:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2012.04.14 20:27:09 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.03.19 15:40:15 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.14 21:57:36 | 000,085,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko11.dll
MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.04.13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll
MOD - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll
MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M]
 
[2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions
[2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412
[2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType
[2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 20:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.16 19:20:39 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini
[2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011.11.03 20:01:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.11.10 15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.04.16 20:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe
[2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira
[2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities
[2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield
[2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia
[2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic
[2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft
[2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web Folders
[2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla
[2012.04.16 20:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype
[2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun
[2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc
[2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
[2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >
         

16.04.2012, 20:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

16.04.2012, 22:25   #9
Dittsche182

23:22: OTL crashed. The following message appeared: "Cannot create file c:\WINDOWS\SYSTEM32\drivers\etc\Hots.

Still: at least the message from eType no longer appeared. At the beginning of startup, however, there is still the old error message.

17.04.2012, 11:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please repeat the fix in safe mode
__________________
Please always post log files in CODE tags

17.04.2012, 17:21   #11
Dittsche182

Now it worked. When OTL restarted the computer, however, the error message unfortunately appeared again.

Here is the log file:

Code:
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://start.icq.com/em/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml not found.
File C:\Programme\mozilla firefox\searchplugins\Search_Results.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0230100-3044-43b1-a44e-70dc12fd418c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d0230100-3044-43b1-a44e-70dc12fd418c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\eType not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter Lustig
->Temp folder emptied: 187856 bytes
->Temporary Internet Files folder emptied: 859602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177013301 bytes
->Flash cache emptied: 1358 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 190464 bytes
 
Total Files Cleaned = 170,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Peter Lustig
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04172012_181150

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

17.04.2012, 18:53   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

17.04.2012, 19:15   #13
Dittsche182

Thanks! Attached is the log file:

Code:
20:07:22.0781 3552	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:07:22.0859 3552	============================================================
20:07:22.0859 3552	Current date / time: 2012/04/17 20:07:22.0859
20:07:22.0859 3552	SystemInfo:
20:07:22.0859 3552	
20:07:22.0859 3552	OS Version: 5.1.2600 ServicePack: 3.0
20:07:22.0859 3552	Product type: Workstation
20:07:22.0859 3552	ComputerName: PETER-6X2VGMUVQ
20:07:22.0859 3552	UserName: Peter Lustig
20:07:22.0859 3552	Windows directory: C:\WINDOWS
20:07:22.0859 3552	System windows directory: C:\WINDOWS
20:07:22.0859 3552	Processor architecture: Intel x86
20:07:22.0859 3552	Number of processors: 2
20:07:22.0859 3552	Page size: 0x1000
20:07:22.0859 3552	Boot type: Normal boot
20:07:22.0859 3552	============================================================
20:07:24.0687 3552	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:07:24.0687 3552	\Device\Harddisk0\DR0:
20:07:24.0687 3552	MBR used
20:07:24.0687 3552	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFD851
20:07:24.0687 3552	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFD890, BlocksNum 0x3A859280
20:07:24.0765 3552	Initialize success
20:07:24.0765 3552	============================================================
20:09:01.0250 3984	============================================================
20:09:01.0250 3984	Scan started
20:09:01.0250 3984	Mode: Manual; SigCheck; TDLFS; 
20:09:01.0250 3984	============================================================
20:09:01.0578 3984	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
20:09:01.0828 3984	!SASCORE - ok
20:09:01.0906 3984	Abiosdsk - ok
20:09:01.0921 3984	abp480n5 - ok
20:09:01.0953 3984	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:09:03.0125 3984	ACPI - ok
20:09:03.0234 3984	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:09:03.0437 3984	ACPIEC - ok
20:09:03.0546 3984	AcPrfMgrSvc     (ac83da08b02bc2ac4f9920523275bb0f) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
20:09:03.0578 3984	AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:03.0578 3984	AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
20:09:03.0609 3984	AcSvc           (f0dfcab03cc9c71137d00c17feb08873) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
20:09:03.0625 3984	AcSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:03.0625 3984	AcSvc - detected UnsignedFile.Multi.Generic (1)
20:09:03.0656 3984	ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:09:03.0718 3984	ADIHdAudAddService - ok
20:09:03.0765 3984	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:03.0796 3984	AdobeFlashPlayerUpdateSvc - ok
20:09:03.0796 3984	adpu160m - ok
20:09:03.0812 3984	AEAudio         (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
20:09:03.0843 3984	AEAudio - ok
20:09:03.0875 3984	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:09:04.0093 3984	aec - ok
20:09:04.0156 3984	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:09:04.0187 3984	AFD - ok
20:09:04.0218 3984	AFS2K           (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys
20:09:04.0265 3984	AFS2K - ok
20:09:04.0265 3984	Aha154x - ok
20:09:04.0281 3984	aic78u2 - ok
20:09:04.0296 3984	aic78xx - ok
20:09:04.0328 3984	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:09:04.0500 3984	Alerter - ok
20:09:04.0531 3984	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:09:04.0625 3984	ALG - ok
20:09:04.0625 3984	AliIde - ok
20:09:04.0640 3984	amsint - ok
20:09:04.0671 3984	ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
20:09:04.0687 3984	ANC ( UnsignedFile.Multi.Generic ) - warning
20:09:04.0687 3984	ANC - detected UnsignedFile.Multi.Generic (1)
20:09:04.0750 3984	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
20:09:04.0781 3984	AntiVirSchedulerService - ok
20:09:04.0812 3984	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:09:04.0828 3984	AntiVirService - ok
20:09:04.0875 3984	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
20:09:05.0015 3984	AppMgmt - ok
20:09:05.0046 3984	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:09:05.0234 3984	Arp1394 - ok
20:09:05.0250 3984	asc - ok
20:09:05.0250 3984	asc3350p - ok
20:09:05.0265 3984	asc3550 - ok
20:09:05.0390 3984	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:09:05.0437 3984	aspnet_state - ok
20:09:05.0468 3984	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:05.0656 3984	AsyncMac - ok
20:09:05.0687 3984	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:05.0875 3984	atapi - ok
20:09:05.0890 3984	Atdisk - ok
20:09:05.0937 3984	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:06.0109 3984	Atmarpc - ok
20:09:06.0140 3984	atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
20:09:06.0187 3984	atmeltpm - ok
20:09:06.0218 3984	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:09:06.0390 3984	AudioSrv - ok
20:09:06.0421 3984	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:06.0609 3984	audstub - ok
20:09:06.0671 3984	AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
20:09:06.0765 3984	AVerAF35 - ok
20:09:06.0843 3984	AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
20:09:06.0890 3984	AVerRemote ( UnsignedFile.Multi.Generic ) - warning
20:09:06.0890 3984	AVerRemote - detected UnsignedFile.Multi.Generic (1)
20:09:06.0906 3984	AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
20:09:06.0968 3984	AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
20:09:06.0968 3984	AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
20:09:06.0984 3984	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:09:07.0062 3984	avgntflt - ok
20:09:07.0078 3984	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:09:07.0109 3984	avipbb - ok
20:09:07.0125 3984	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:09:07.0140 3984	avkmgr - ok
20:09:07.0156 3984	b57w2k          (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:09:07.0203 3984	b57w2k - ok
20:09:07.0265 3984	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:09:07.0437 3984	Beep - ok
20:09:07.0484 3984	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:09:07.0703 3984	BITS - ok
20:09:07.0734 3984	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:09:07.0921 3984	Browser - ok
20:09:07.0953 3984	btaudio         (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
20:09:08.0062 3984	btaudio - ok
20:09:08.0109 3984	BTDriver        (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
20:09:08.0140 3984	BTDriver - ok
20:09:08.0187 3984	BTKRNL          (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:09:08.0265 3984	BTKRNL - ok
20:09:08.0375 3984	btwdins         (d14c346d293e6f83cbb55ac641ff941e) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
20:09:08.0390 3984	btwdins ( UnsignedFile.Multi.Generic ) - warning
20:09:08.0390 3984	btwdins - detected UnsignedFile.Multi.Generic (1)
20:09:08.0421 3984	BTWDNDIS        (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:09:08.0515 3984	BTWDNDIS - ok
20:09:08.0531 3984	BTWUSB          (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
20:09:08.0562 3984	BTWUSB - ok
20:09:08.0593 3984	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:08.0781 3984	cbidf2k - ok
20:09:08.0828 3984	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:09:08.0984 3984	CCDECODE - ok
20:09:09.0000 3984	cd20xrnt - ok
20:09:09.0031 3984	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:09.0218 3984	Cdaudio - ok
20:09:09.0234 3984	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:09.0421 3984	Cdfs - ok
20:09:09.0437 3984	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:09.0625 3984	Cdrom - ok
20:09:09.0625 3984	Changer - ok
20:09:09.0656 3984	cisvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe
20:09:10.0328 3984	cisvc - ok
20:09:10.0343 3984	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:09:10.0515 3984	ClipSrv - ok
20:09:10.0625 3984	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:10.0687 3984	clr_optimization_v2.0.50727_32 - ok
20:09:10.0734 3984	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:10.0750 3984	clr_optimization_v4.0.30319_32 - ok
20:09:10.0781 3984	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:10.0953 3984	CmBatt - ok
20:09:10.0953 3984	CmdIde - ok
20:09:10.0968 3984	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:11.0140 3984	Compbatt - ok
20:09:11.0140 3984	COMSysApp - ok
20:09:11.0156 3984	Cpqarray - ok
20:09:11.0203 3984	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:09:11.0375 3984	CryptSvc - ok
20:09:11.0390 3984	dac2w2k - ok
20:09:11.0406 3984	dac960nt - ok
20:09:11.0453 3984	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:11.0609 3984	DcomLaunch - ok
20:09:11.0625 3984	DgiVecp - ok
20:09:11.0640 3984	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:09:11.0828 3984	Dhcp - ok
20:09:11.0859 3984	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:12.0031 3984	Disk - ok
20:09:12.0046 3984	dmadmin - ok
20:09:12.0109 3984	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:12.0328 3984	dmboot - ok
20:09:12.0375 3984	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:09:12.0562 3984	dmio - ok
20:09:12.0609 3984	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:12.0781 3984	dmload - ok
20:09:12.0812 3984	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:09:13.0000 3984	dmserver - ok
20:09:13.0031 3984	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:13.0218 3984	DMusic - ok
20:09:13.0250 3984	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:09:13.0312 3984	Dnscache - ok
20:09:13.0343 3984	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:09:13.0515 3984	Dot3svc - ok
20:09:13.0531 3984	dpti2o - ok
20:09:13.0531 3984	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:13.0734 3984	drmkaud - ok
20:09:13.0765 3984	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:09:13.0937 3984	EapHost - ok
20:09:13.0968 3984	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:09:14.0140 3984	ERSvc - ok
20:09:14.0171 3984	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:14.0218 3984	Eventlog - ok
20:09:14.0265 3984	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
20:09:14.0296 3984	EventSystem - ok
20:09:14.0328 3984	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:14.0500 3984	Fastfat - ok
20:09:14.0531 3984	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:14.0562 3984	FastUserSwitchingCompatibility - ok
20:09:14.0578 3984	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:09:14.0750 3984	Fdc - ok
20:09:14.0765 3984	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:09:14.0953 3984	Fips - ok
20:09:14.0953 3984	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:09:15.0125 3984	Flpydisk - ok
20:09:15.0171 3984	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:09:15.0343 3984	FltMgr - ok
20:09:15.0453 3984	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:09:15.0484 3984	FontCache3.0.0.0 - ok
20:09:15.0500 3984	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:15.0687 3984	Fs_Rec - ok
20:09:15.0703 3984	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:15.0875 3984	Ftdisk - ok
20:09:15.0906 3984	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:16.0078 3984	Gpc - ok
20:09:16.0109 3984	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:09:16.0265 3984	HDAudBus - ok
20:09:16.0343 3984	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:09:16.0515 3984	helpsvc - ok
20:09:16.0515 3984	HidServ - ok
20:09:16.0562 3984	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:09:16.0734 3984	hkmsvc - ok
20:09:16.0750 3984	hpn - ok
20:09:16.0750 3984	hpt3xx - ok
20:09:16.0796 3984	HPZid412        (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:09:16.0906 3984	HPZid412 - ok
20:09:16.0921 3984	HPZipr12        (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:09:16.0968 3984	HPZipr12 - ok
20:09:17.0000 3984	HPZius12        (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:09:17.0078 3984	HPZius12 - ok
20:09:17.0125 3984	HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:09:17.0171 3984	HSFHWAZL - ok
20:09:17.0203 3984	HSF_DPV         (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:09:17.0265 3984	HSF_DPV - ok
20:09:17.0328 3984	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:17.0375 3984	HTTP - ok
20:09:17.0406 3984	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:09:17.0578 3984	HTTPFilter - ok
20:09:17.0578 3984	i2omgmt - ok
20:09:17.0593 3984	i2omp - ok
20:09:17.0625 3984	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:17.0796 3984	i8042prt - ok
20:09:17.0968 3984	ialm            (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:09:18.0234 3984	ialm - ok
20:09:18.0296 3984	iastor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\Drivers\iaStor.sys
20:09:18.0328 3984	iastor - ok
20:09:18.0359 3984	IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:09:18.0375 3984	IBMPMDRV - ok
20:09:18.0406 3984	IBMPMSVC        (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\WINDOWS\system32\ibmpmsvc.exe
20:09:18.0421 3984	IBMPMSVC - ok
20:09:18.0453 3984	IBMTPCHK        (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
20:09:18.0453 3984	IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
20:09:18.0453 3984	IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
20:09:18.0515 3984	IBUpdaterService (7e22c5fdca42458b8bc6892fec135258) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
20:09:18.0546 3984	IBUpdaterService - ok
20:09:18.0687 3984	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:09:18.0750 3984	idsvc - ok
20:09:18.0781 3984	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
20:09:18.0968 3984	Imapi - ok
20:09:19.0000 3984	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
20:09:19.0156 3984	ImapiService - ok
20:09:19.0187 3984	ini910u - ok
20:09:19.0203 3984	IntelIde - ok
20:09:19.0234 3984	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:09:19.0421 3984	intelppm - ok
20:09:19.0453 3984	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:09:19.0640 3984	ip6fw - ok
20:09:19.0671 3984	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:20.0125 3984	IpFilterDriver - ok
20:09:20.0156 3984	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:20.0343 3984	IpInIp - ok
20:09:20.0375 3984	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:20.0546 3984	IpNat - ok
20:09:20.0562 3984	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:20.0750 3984	IPSec - ok
20:09:20.0765 3984	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:20.0859 3984	IRENUM - ok
20:09:20.0906 3984	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:21.0062 3984	isapnp - ok
20:09:21.0171 3984	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
20:09:21.0187 3984	JavaQuickStarterService - ok
20:09:21.0203 3984	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:21.0375 3984	Kbdclass - ok
20:09:21.0406 3984	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:21.0578 3984	kmixer - ok
20:09:21.0609 3984	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:21.0703 3984	KSecDD - ok
20:09:21.0750 3984	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:09:21.0828 3984	lanmanserver - ok
20:09:21.0859 3984	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:09:21.0890 3984	lanmanworkstation - ok
20:09:21.0906 3984	lbrtfdc - ok
20:09:21.0953 3984	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:09:22.0125 3984	LmHosts - ok
20:09:22.0156 3984	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
20:09:22.0187 3984	MDM - ok
20:09:22.0218 3984	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:09:22.0234 3984	mdmxsdk - ok
20:09:22.0250 3984	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:09:22.0437 3984	Messenger - ok
20:09:22.0468 3984	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:22.0656 3984	mnmdd - ok
20:09:22.0687 3984	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
20:09:22.0859 3984	mnmsrvc - ok
20:09:22.0890 3984	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:09:23.0062 3984	Modem - ok
20:09:23.0062 3984	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:23.0234 3984	Mouclass - ok
20:09:23.0265 3984	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:23.0437 3984	MountMgr - ok
20:09:23.0453 3984	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:09:23.0640 3984	MPE - ok
20:09:23.0640 3984	mraid35x - ok
20:09:23.0656 3984	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:23.0828 3984	MRxDAV - ok
20:09:23.0875 3984	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:23.0953 3984	MRxSmb - ok
20:09:23.0968 3984	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
20:09:24.0140 3984	MSDTC - ok
20:09:24.0156 3984	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:24.0312 3984	Msfs - ok
20:09:24.0328 3984	MSIServer - ok
20:09:24.0343 3984	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:24.0515 3984	MSKSSRV - ok
20:09:24.0531 3984	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:24.0703 3984	MSPCLOCK - ok
20:09:24.0734 3984	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:24.0890 3984	MSPQM - ok
20:09:24.0921 3984	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:25.0093 3984	mssmbios - ok
20:09:25.0109 3984	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:25.0281 3984	MSTEE - ok
20:09:25.0312 3984	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:25.0328 3984	Mup - ok
20:09:25.0359 3984	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:25.0531 3984	NABTSFEC - ok
20:09:25.0578 3984	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:09:25.0781 3984	napagent - ok
20:09:25.0796 3984	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:25.0968 3984	NDIS - ok
20:09:25.0984 3984	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:26.0156 3984	NdisIP - ok
20:09:26.0218 3984	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:26.0265 3984	NdisTapi - ok
20:09:26.0281 3984	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:26.0453 3984	Ndisuio - ok
20:09:26.0468 3984	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:26.0625 3984	NdisWan - ok
20:09:26.0671 3984	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:26.0734 3984	NDProxy - ok
20:09:26.0750 3984	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:26.0921 3984	NetBIOS - ok
20:09:26.0953 3984	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:27.0109 3984	NetBT - ok
20:09:27.0156 3984	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0328 3984	NetDDE - ok
20:09:27.0343 3984	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0515 3984	NetDDEdsdm - ok
20:09:27.0531 3984	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:27.0703 3984	Netlogon - ok
20:09:27.0734 3984	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:09:27.0921 3984	Netman - ok
20:09:27.0984 3984	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:09:28.0015 3984	NetTcpPortSharing - ok
20:09:28.0093 3984	NETw4x32        (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
20:09:28.0312 3984	NETw4x32 - ok
20:09:28.0328 3984	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:09:28.0500 3984	NIC1394 - ok
20:09:28.0546 3984	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:09:28.0578 3984	Nla - ok
20:09:28.0609 3984	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:28.0781 3984	Npfs - ok
20:09:28.0812 3984	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:29.0031 3984	Ntfs - ok
20:09:29.0078 3984	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:29.0234 3984	NtLmSsp - ok
20:09:29.0328 3984	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:09:29.0515 3984	NtmsSvc - ok
20:09:29.0562 3984	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:29.0953 3984	Null - ok
20:09:30.0000 3984	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:30.0171 3984	NwlnkFlt - ok
20:09:30.0171 3984	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:30.0343 3984	NwlnkFwd - ok
20:09:30.0375 3984	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:09:30.0546 3984	ohci1394 - ok
20:09:30.0578 3984	OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:09:30.0609 3984	OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:09:30.0609 3984	OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:09:30.0625 3984	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:09:30.0656 3984	ose - ok
20:09:30.0687 3984	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:09:30.0890 3984	Parport - ok
20:09:30.0890 3984	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:31.0062 3984	PartMgr - ok
20:09:31.0093 3984	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:31.0265 3984	ParVdm - ok
20:09:31.0296 3984	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:31.0468 3984	PCI - ok
20:09:31.0484 3984	PCIDump - ok
20:09:31.0484 3984	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:09:31.0656 3984	PCIIde - ok
20:09:31.0671 3984	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:31.0828 3984	Pcmcia - ok
20:09:31.0843 3984	PDCOMP - ok
20:09:31.0859 3984	PDFRAME - ok
20:09:31.0859 3984	PDRELI - ok
20:09:31.0875 3984	PDRFRAME - ok
20:09:31.0890 3984	perc2 - ok
20:09:31.0906 3984	perc2hib - ok
20:09:31.0968 3984	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:31.0984 3984	PlugPlay - ok
20:09:32.0031 3984	Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe
20:09:32.0062 3984	Pml Driver HPZ12 - ok
20:09:32.0125 3984	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:32.0281 3984	PolicyAgent - ok
20:09:32.0312 3984	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:32.0468 3984	PptpMiniport - ok
20:09:32.0484 3984	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:09:32.0671 3984	Processor - ok
20:09:32.0671 3984	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:32.0843 3984	ProtectedStorage - ok
20:09:32.0859 3984	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:33.0046 3984	PSched - ok
20:09:33.0046 3984	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:33.0218 3984	Ptilink - ok
20:09:33.0234 3984	ql1080 - ok
20:09:33.0250 3984	Ql10wnt - ok
20:09:33.0265 3984	ql12160 - ok
20:09:33.0281 3984	ql1240 - ok
20:09:33.0296 3984	ql1280 - ok
20:09:33.0296 3984	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:33.0468 3984	RasAcd - ok
20:09:33.0515 3984	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:09:33.0687 3984	RasAuto - ok
20:09:33.0703 3984	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:33.0890 3984	Rasl2tp - ok
20:09:33.0921 3984	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:09:34.0093 3984	RasMan - ok
20:09:34.0109 3984	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:34.0265 3984	RasPppoe - ok
20:09:34.0281 3984	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:34.0453 3984	Raspti - ok
20:09:34.0484 3984	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:34.0656 3984	Rdbss - ok
20:09:34.0671 3984	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:34.0828 3984	RDPCDD - ok
20:09:34.0859 3984	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:35.0015 3984	rdpdr - ok
20:09:35.0062 3984	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:35.0125 3984	RDPWD - ok
20:09:35.0156 3984	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:09:35.0328 3984	RDSessMgr - ok
20:09:35.0343 3984	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:35.0515 3984	redbook - ok
20:09:35.0546 3984	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:09:35.0718 3984	RemoteAccess - ok
20:09:35.0750 3984	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
20:09:35.0906 3984	RemoteRegistry - ok
20:09:35.0921 3984	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
20:09:36.0093 3984	RpcLocator - ok
20:09:36.0125 3984	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:36.0156 3984	RpcSs - ok
20:09:36.0203 3984	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
20:09:36.0375 3984	RSVP - ok
20:09:36.0421 3984	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:09:36.0593 3984	rtl8139 - ok
20:09:36.0625 3984	s217bus         (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
20:09:36.0656 3984	s217bus - ok
20:09:36.0687 3984	s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
20:09:36.0703 3984	s217mdfl - ok
20:09:36.0734 3984	s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
20:09:36.0750 3984	s217mdm - ok
20:09:36.0781 3984	s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
20:09:36.0796 3984	s217mgmt - ok
20:09:36.0812 3984	s217nd5         (11cc5d7f992799e7e75d018e9c018563) C:\WINDOWS\system32\DRIVERS\s217nd5.sys
20:09:36.0843 3984	s217nd5 - ok
20:09:36.0859 3984	s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
20:09:36.0890 3984	s217obex - ok
20:09:36.0890 3984	s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
20:09:36.0921 3984	s217unic - ok
20:09:36.0937 3984	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:37.0109 3984	SamSs - ok
20:09:37.0187 3984	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
20:09:37.0203 3984	SASDIFSV - ok
20:09:37.0203 3984	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
20:09:37.0234 3984	SASKUTIL - ok
20:09:37.0250 3984	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:09:37.0437 3984	SCardSvr - ok
20:09:37.0468 3984	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:09:37.0640 3984	Schedule - ok
20:09:37.0687 3984	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:37.0781 3984	Secdrv - ok
20:09:37.0796 3984	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:09:37.0968 3984	seclogon - ok
20:09:38.0000 3984	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:09:38.0078 3984	seehcri - ok
20:09:38.0093 3984	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:09:38.0281 3984	SENS - ok
20:09:38.0312 3984	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:09:38.0484 3984	Serial - ok
20:09:38.0515 3984	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:09:38.0687 3984	Sfloppy - ok
20:09:38.0734 3984	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:09:38.0906 3984	SharedAccess - ok
20:09:38.0953 3984	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:38.0968 3984	ShellHWDetection - ok
20:09:39.0000 3984	Shockprf        (e22ef09693396bfeda7edc47b6c16e26) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
20:09:39.0015 3984	Shockprf - ok
20:09:39.0031 3984	Simbad - ok
20:09:39.0046 3984	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:39.0234 3984	SLIP - ok
20:09:39.0250 3984	Sparrow - ok
20:09:39.0328 3984	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:39.0484 3984	splitter - ok
20:09:39.0515 3984	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:09:39.0578 3984	Spooler - ok
20:09:39.0593 3984	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:39.0687 3984	sr - ok
20:09:39.0703 3984	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
20:09:39.0968 3984	srservice - ok
20:09:40.0000 3984	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:40.0062 3984	Srv - ok
20:09:40.0078 3984	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:09:40.0171 3984	SSDPSRV - ok
20:09:40.0203 3984	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:09:40.0234 3984	ssmdrv - ok
20:09:40.0234 3984	SSPORT - ok
20:09:40.0265 3984	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:09:40.0453 3984	stisvc - ok
20:09:40.0484 3984	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:40.0656 3984	streamip - ok
20:09:40.0671 3984	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:40.0843 3984	swenum - ok
20:09:40.0859 3984	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:41.0031 3984	swmidi - ok
20:09:41.0031 3984	SwPrv - ok
20:09:41.0046 3984	symc810 - ok
20:09:41.0062 3984	symc8xx - ok
20:09:41.0078 3984	sym_hi - ok
20:09:41.0093 3984	sym_u3 - ok
20:09:41.0125 3984	SynTP           (b248b5fe80b285b91cb1e6f85b0ae1d7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:09:41.0203 3984	SynTP - ok
20:09:41.0234 3984	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:41.0406 3984	sysaudio - ok
20:09:41.0437 3984	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:09:41.0609 3984	SysmonLog - ok
20:09:41.0640 3984	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:09:41.0812 3984	TapiSrv - ok
20:09:41.0875 3984	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:41.0937 3984	Tcpip - ok
20:09:41.0953 3984	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:42.0109 3984	TDPIPE - ok
20:09:42.0156 3984	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:42.0328 3984	TDTCP - ok
20:09:42.0343 3984	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:42.0500 3984	TermDD - ok
20:09:42.0531 3984	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:09:42.0718 3984	TermService - ok
20:09:42.0750 3984	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:42.0781 3984	Themes - ok
20:09:42.0796 3984	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
20:09:42.0890 3984	TlntSvr - ok
20:09:42.0906 3984	TosIde - ok
20:09:42.0953 3984	TPDIGIMN        (a44928f04032d49a6c2e151f869fb152) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
20:09:42.0968 3984	TPDIGIMN - ok
20:09:42.0984 3984	TPHDEXLGSVC     (33d918574810b910de2cc18874d51c97) C:\WINDOWS\system32\TPHDEXLG.exe
20:09:43.0015 3984	TPHDEXLGSVC - ok
20:09:43.0046 3984	TPHKDRV         (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
20:09:43.0093 3984	TPHKDRV - ok
20:09:43.0109 3984	TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:09:43.0125 3984	TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0125 3984	TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:09:43.0140 3984	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:09:43.0296 3984	TrkWks - ok
20:09:43.0328 3984	TSMAPIP         (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:09:43.0343 3984	TSMAPIP - ok
20:09:43.0421 3984	TUWinStylerThemeSvc (8f5d673617d0101fc85dd30a27fc20c4) C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
20:09:43.0453 3984	TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0453 3984	TUWinStylerThemeSvc - detected UnsignedFile.Multi.Generic (1)
20:09:43.0468 3984	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:43.0656 3984	Udfs - ok
20:09:43.0656 3984	UIUSys - ok
20:09:43.0671 3984	ultra - ok
20:09:43.0687 3984	UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
20:09:43.0765 3984	UMWdf - ok
20:09:43.0796 3984	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:44.0000 3984	Update - ok
20:09:44.0031 3984	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:09:44.0140 3984	upnphost - ok
20:09:44.0156 3984	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:09:44.0343 3984	UPS - ok
20:09:44.0359 3984	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:09:44.0515 3984	usbccgp - ok
20:09:44.0562 3984	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:44.0734 3984	usbehci - ok
20:09:44.0781 3984	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:44.0937 3984	usbhub - ok
20:09:44.0953 3984	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:45.0125 3984	usbprint - ok
20:09:45.0156 3984	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:45.0312 3984	usbscan - ok
20:09:45.0343 3984	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:45.0500 3984	USBSTOR - ok
20:09:45.0531 3984	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:45.0687 3984	usbuhci - ok
20:09:45.0703 3984	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:45.0859 3984	VgaSave - ok
20:09:45.0875 3984	ViaIde - ok
20:09:45.0890 3984	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:46.0062 3984	VolSnap - ok
20:09:46.0093 3984	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:09:46.0187 3984	VSS - ok
20:09:46.0218 3984	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
20:09:46.0390 3984	W32Time - ok
20:09:46.0421 3984	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:46.0593 3984	Wanarp - ok
20:09:46.0593 3984	WDICA - ok
20:09:46.0625 3984	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:46.0796 3984	wdmaud - ok
20:09:46.0828 3984	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:09:46.0984 3984	WebClient - ok
20:09:47.0046 3984	winachsf        (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:47.0093 3984	winachsf - ok
20:09:47.0156 3984	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:09:47.0328 3984	winmgmt - ok
20:09:47.0390 3984	WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
20:09:47.0437 3984	WmdmPmSN - ok
20:09:47.0484 3984	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
20:09:47.0531 3984	Wmi - ok
20:09:47.0578 3984	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:09:47.0734 3984	WmiApSrv - ok
20:09:47.0765 3984	WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:09:47.0796 3984	WpdUsb - ok
20:09:47.0921 3984	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:09:47.0968 3984	WPFFontCache_v0400 - ok
20:09:48.0031 3984	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:09:48.0203 3984	wscsvc - ok
20:09:48.0234 3984	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:09:48.0406 3984	WSTCODEC - ok
20:09:48.0421 3984	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:09:48.0609 3984	wuauserv - ok
20:09:48.0656 3984	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:09:48.0875 3984	WZCSVC - ok
20:09:48.0906 3984	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:09:49.0093 3984	xmlprov - ok
20:09:49.0125 3984	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:09:49.0359 3984	\Device\Harddisk0\DR0 - ok
20:09:49.0359 3984	Boot (0x1200)   (3d31d5bc0e6e03e30ce042d04bd4f953) \Device\Harddisk0\DR0\Partition0
20:09:49.0359 3984	\Device\Harddisk0\DR0\Partition0 - ok
20:09:49.0406 3984	Boot (0x1200)   (1f70e1be3945d5cc3fd28bd642382d80) \Device\Harddisk0\DR0\Partition1
20:09:49.0421 3984	\Device\Harddisk0\DR0\Partition1 - ok
20:09:49.0421 3984	============================================================
20:09:49.0421 3984	Scan finished
20:09:49.0421 3984	============================================================
20:09:49.0531 3612	Detected object count: 10
20:09:49.0531 3612	Actual detected object count: 10
20:12:14.0000 3612	AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612	AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0000 3612	AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612	AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:12:14.0015 3612	TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612	TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

17.04.2012, 19:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English: Illegal operation attempted on a registry key that has been marked for deletion.]
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

17.04.2012, 20:28   #15
Dittsche182
 

Attached is the log file:


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-16.04 - Peter Lustig 17.04.2012  21:14:02.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3062.2558 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Peter Lustig\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\pthreadVC.dll
c:\windows\system32\TPHDLOG0.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-17 bis 2012-04-17  ))))))))))))))))))))))))))))))
.
.
2012-04-17 16:07 . 2012-04-17 16:07	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-04-16 19:45 . 2012-04-16 19:45	--------	d-----w-	C:\_OTL
2012-04-15 19:40 . 2012-04-15 19:40	--------	d-----w-	c:\programme\ESET
2012-04-15 10:32 . 2012-04-15 10:32	--------	d-----w-	c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 10:31 . 2012-04-15 10:32	--------	d-----w-	c:\programme\SUPERAntiSpyware
2012-04-15 10:31 . 2012-04-15 10:31	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 07:23 . 2012-04-15 07:23	--------	d-----w-	c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-04-15 07:23 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-14 22:29 . 2012-04-15 07:27	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\bProtector
2012-04-14 22:29 . 2012-04-14 22:29	793080	----a-w-	c:\windows\system32\protector.dll
2012-04-14 22:29 . 2012-04-14 22:32	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService
2012-04-04 11:47 . 2012-04-04 11:47	--------	d-----w-	c:\programme\DVDVideoSoft
2012-04-02 11:54 . 2012-04-02 11:54	--------	d-----w-	c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
2012-04-02 11:52 . 2012-04-14 18:27	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-02 11:41 . 2012-04-02 12:10	--------	d-----w-	c:\programme\Sun
2012-03-20 17:47 . 2012-03-20 17:47	--------	d-----w-	c:\dokumente und einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
2012-03-19 13:40 . 2012-03-19 13:40	592824	----a-w-	c:\programme\Mozilla Firefox\gkmedias.dll
2012-03-19 13:40 . 2012-03-19 13:40	44472	----a-w-	c:\programme\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:27 . 2011-11-04 20:44	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 06:46 . 2012-03-02 06:46	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-03-02 06:46 . 2011-11-19 15:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-01 11:00 . 2001-08-18 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2001-08-18 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2001-08-18 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2001-08-18 12:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2001-08-18 12:00	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-11-03 15:42	385024	------w-	c:\windows\system32\html.iec
2012-02-15 14:36 . 2011-11-04 19:11	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2001-08-18 12:00	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-03-19 13:40 . 2011-11-04 19:23	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\NetWaiting.exe" [2007-01-08 26152]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2011-11-4 50688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37	34344	----a-w-	c:\programme\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06	28672	----a-w-	c:\programme\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=protector.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24	49152	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-11-04 20:34	127040	----a-w-	c:\programme\ICQ7.6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52	1695232	------w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-08-14 08:10	614400	----a-w-	c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27	17351304	----a-r-	c:\programme\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ7.6\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.09.2007 17:28 19504]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.11.2011 21:11 36000]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.11.2011 21:11 86224]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [03.11.2011 19:02 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [03.11.2011 19:02 389120]
R2 IBUpdaterService;Updater Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe [15.04.2012 00:29 342968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13.11.2011 16:30 90112]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [03.11.2011 19:04 474880]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.11.2011 16:31 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 13:52 253088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2006\SystemOptimizer.exe [2005-08-24 01:29]
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2012-04-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-11-04 16:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.aspx?ctid=ct2269050&searchsource=3&q={searchterms}
FF - prefs.js: browser.search.selectedengine - google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/em/
FF - prefs.js: keyword.url - hxxp://dts.search-results.com/sr?src=ffb&appid=286&systemid=406&sr=0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Toolbar-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Notify-ACNotify - ACNotify.dll
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-17 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-17  21:25:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-17 19:25
.
Vor Suchlauf: 10 Verzeichnis(se), 110.822.125.568 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 110.696.505.344 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - C5BE54E6C021F37F63153A9DEA4D1182
         
--- --- ---

10:45: The error message now no longer appears at startup either!
