Trojaner-Board

Dittsche182 15.04.2012 14:43

eType Virus
 
Hello everyone,

Since you already gave me excellent help once two years ago, I am (unfortunately) turning to you again today, in the hope of good support once more!

Yesterday evening I ran an installer (eType), assuming it was a codec program. Unfortunately I went about it somewhat naively..

Today I started the PC and there was an error message during startup (unfortunately I no longer have it to hand). It took a very long time for the computer to finish booting. That struck me as rather odd. First I removed the eType program via Windows Add or Remove Programs. That took quite a long time, and at the end the icons were still on the desktop. I became suspicious and read online that viruses (problems in general) have occurred with this program. I therefore avoided a restart for the time being and took action right away.

So far I have done the following:

1. Downloaded Malwarebytes Anti-Malware and ran it following the recommended procedure (there were detections)
2. Downloaded SuperAntiSpyware and ran it following the recommended procedure (there were many detections, which so far are only listed in the results; I have not yet taken any further action).

I would be glad if you could help me again.

Regards, Dittsche

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Peter Lustig :: PETER-6X2VGMUVQ [Administrator]

15.04.2012 09:24:45
mbam-log-2012-04-15 (11-19-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288637
Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 772 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.

(Ende)




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2012 at 03:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 02:30:32

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 34713
Registry threats detected : 20
File items scanned : 98937
File threats detected : 602

PUP.bProtector
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ hxxp://search.etype.com/?smart=1 ]
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} ]
HKLM\System\CurrentControlSet\Services\bProtector
HKLM\System\CurrentControlSet\Services\bProtector#Type
HKLM\System\CurrentControlSet\Services\bProtector#Start
HKLM\System\CurrentControlSet\Services\bProtector#ErrorControl
HKLM\System\CurrentControlSet\Services\bProtector#ImagePath
HKLM\System\CurrentControlSet\Services\bProtector#DisplayName
HKLM\System\CurrentControlSet\Services\bProtector#ObjectName
HKLM\System\CurrentControlSet\Services\bProtector#Description
HKLM\System\CurrentControlSet\Services\bProtector#FailureActions
HKLM\System\CurrentControlSet\Services\bProtector\Security
HKLM\System\CurrentControlSet\Services\bProtector\Security#Security
HKLM\System\CurrentControlSet\Services\bProtector\Enum
HKLM\System\CurrentControlSet\Services\bProtector\Enum#0
HKLM\System\CurrentControlSet\Services\bProtector\Enum#Count
HKLM\System\CurrentControlSet\Services\bProtector\Enum#NextInstance
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#DisplayName
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstallString

Adware.Tracking Cookie

It would be nice if someone could help me further :-)

* Bump! * :confused:

21:05: I have now removed the malicious files and had to restart.

Again an error message at startup, saying that the memory could not be accessed.

The kicker: I now get a message that eType has finished installing..

Please help!

cosinus 15.04.2012 20:21

Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Dittsche182 15.04.2012 21:09

Hello Arne,

Thank you very much for your support! I'll get back to you as soon as the scan has finished. Unfortunately it's dragging on a bit.

See you later!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1dcb8dec78bb494d9df07f6a14101216
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 09:25:21
# local_time=2012-04-15 11:25:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 14101068 14101068 0 0
# compatibility_mode=8192 67108863 100 0 254 254 0 0
# scanned=93621
# found=7
# cleaned=0
# scan_time=6056
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector\bProtect.exe a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5UTYTPOZ\SetupDataMngr_Searchqu[1].exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc20.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1085031214-1482476501-725345543-1003\Dc21.exe a variant of Win32/InstallBrain application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\protector.dll a variant of Win32/bProtector application (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I

Posted: 23:49

7:10: The same problems again on restart. Error message at startup that the memory cannot be accessed. In addition, I am told that eType is finished and "downloding extending eType". :kaffee:

cosinus 16.04.2012 10:54

Please post everything in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here



CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Dittsche182 16.04.2012 16:22

Here you go

Code:

OTL logfile created on: 16.04.2012 17:03:12 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free
4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2010.04.13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll
MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll
MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M]
 
[2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions
[2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412
[2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType
[2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.16 16:27:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 21:16:33 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini
[2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011.11.03 20:01:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.11.10 15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.03.29 20:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe
[2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira
[2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities
[2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield
[2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia
[2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic
[2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft
[2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web Folders
[2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla
[2012.04.15 23:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype
[2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun
[2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc
[2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
[2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

Ah. I completely overlooked that one. That should be everything now.

Code:

OTL Extras logfile created on: 16.04.2012 17:03:12 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,48% Memory free
4,83 Gb Paging File | 4,12 Gb Available in Paging File | 85,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,96 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.6\ICQ.exe" = C:\Programme\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"09DE32C4F7BD75AFC4FD14FE55D82891A5C397E0" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"6455D19F3BFC2585EA48D0648505F8DA7DAC3629" = Windows Driver Package - Intel (NETw4x32) net  (04/30/2007 11.1.1.11)
"737C4F107F61FFE46CE45CCA503223FBA5BD00FC" = Windows Driver Package - Intel net  (04/30/2007 11.1.1.11)
"A52334752DB8BF051DEADD0BADDDA32C2255FDC0" = Windows Driver Package - Intel (w29n51) net  (04/04/2007 9.0.4.36)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"audcle" = Plus! MP3 Audio Converter LE
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced)
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Updater Service" = Updater Service
"VLC media player" = VLC media player 1.1.11
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveSlide Player" = ActiveSlide Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2011 13:50:46 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wiaacmgr.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.12.2011 16:34:47 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
 Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
 
Error - 06.12.2011 16:38:22 | Computer Name = PETER-6X2VGMUVQ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _isd6.exe, Version 12.0.0.58849, fehlgeschlagenes
 Modul _isd6.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
 
Error - 07.12.2011 14:27:23 | Computer Name = PETER-6X2VGMUVQ | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
 
Error - 07.12.2011 14:29:31 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 11.0.5604.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.12.2011 09:14:43 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.  [ACCESS_VIOLATION Exception!! EIP = 0xd461bc]  Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 11.01.2012 09:38:40 | Computer Name = PETER-6X2VGMUVQ | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 14.01.2012 15:52:39 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.11.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 30.01.2012 09:42:09 | Computer Name = PETER-6X2VGMUVQ | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.  [ACCESS_VIOLATION Exception!! EIP = 0xd461bc]  Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 09.02.2012 09:02:19 | Computer Name = PETER-6X2VGMUVQ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 01:05:39 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.04.2012 07:08:36 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.04.2012 07:10:11 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 07:10:12 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.04.2012 09:45:34 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.04.2012 09:47:07 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7022
Description = Der Dienst "AVerScheduleService" wurde nicht ordnungsgemäß gestartet.
 
Error - 16.04.2012 09:47:08 | Computer Name = PETER-6X2VGMUVQ | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >


cosinus 16.04.2012 19:28

Quote:

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

In the Control Panel, under Add or Remove Programs (or Programs and Features), uninstall everything that shows "Toolbar". For future program installations, always choose the custom installation method so that you can deselect any toolbars during installation.
While you are at it, also uninstall all other unnecessary programs via the Control Panel.

After that, please create a new OTL log.

Dittsche182 16.04.2012 19:52

Many thanks! OTL is now running, following your procedure above. I will send everything as soon as it is done.

What still puzzles me a lot, though, is that eType shows up again at every startup, even though it was actually uninstalled. Maybe you have an idea about that? :confused:

See you later!

21:15: I hope I have deleted everything! Attached is the new scan:

Code:

OTL logfile created on: 16.04.2012 20:49:47 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Peter Lustig\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,86% Memory free
4,83 Gb Paging File | 3,65 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 128,00 Gb Total Space | 100,88 Gb Free Space | 78,82% Space Free | Partition Type: NTFS
Drive Z: | 468,17 Gb Total Space | 362,91 Gb Free Space | 77,52% Space Free | Partition Type: NTFS
 
Computer Name: PETER-6X2VGMUVQ | User Name: Peter Lustig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
PRC - [2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
PRC - [2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
PRC - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.03.19 15:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.02.26 17:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 16:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 16:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 15:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 15:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.07.05 12:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007.04.09 20:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.09 07:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007.03.08 06:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007.02.27 18:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 18:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.01.08 14:48:58 | 000,026,152 | ---- | M] (BVRP) -- C:\Programme\NetWaiting\NetWaiting.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 15:47:29 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.04.16 15:47:29 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.04.15 12:32:49 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.04.15 12:32:49 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2012.04.14 20:27:09 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.03.19 15:40:15 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.14 21:57:36 | 000,085,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko11.dll
MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.04.13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\MyZip.dll
MOD - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
MOD - [2009.09.03 14:25:44 | 000,053,248 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\AVerMedia\dll\MsgLog.dll
MOD - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009.03.02 13:02:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp4ml3.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.05 18:18:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.09.05 18:18:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.04.09 20:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.27 18:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 18:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.01.25 08:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006.12.14 04:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.15 00:28:51 | 000,342,968 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.04.14 20:27:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.09 21:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 21:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.07.05 16:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 16:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 18:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003.08.11 12:44:16 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 16:36:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.03 19:38:33 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.19 05:26:06 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.09.28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.09.05 18:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.29 23:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.04.09 20:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.04.02 12:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.12.22 04:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 04:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 04:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.10.15 08:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.10.09 16:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.11.08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.19 15:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles/u6r1xior.default\extensions\specialsavings@superfish.com [2012.04.15 00:29:53 | 000,000,000 | ---D | M]
 
[2012.03.13 10:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Extensions
[2012.04.04 13:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 09:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.02.05 20:48:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:55:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.19 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:52:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.19 15:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 17:33:07 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [ModemOnHold] C:\Programme\NetWaiting\NetWaiting.exe (BVRP)
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CFF96B-91AA-49FC-AC3D-AB1C6A79D748}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBB0439-F819-4F19-BEF8-D2F9EA109FD9}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.ACM (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Packed with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Packed with Joy !)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dx50 - C:\WINDOWS\System32\divx50.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 17:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.15 21:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.15 21:38:50 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 18:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\bilder_Lobeda_0412
[2012.04.15 12:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.15 09:23:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.15 09:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.15 09:23:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.15 09:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.15 00:30:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Startmenü\Programme\eType
[2012.04.15 00:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2012.04.15 00:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.04.04 13:47:05 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.04.02 13:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.02 13:41:15 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2012.03.20 19:47:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 20:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.16 19:20:39 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.04.16 17:00:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\OTL.exe
[2012.04.16 15:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.04.15 21:38:51 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\esetsmartinstaller_enu.exe
[2012.04.15 12:31:28 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2012.04.13 18:01:51 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.04.11 16:09:40 | 000,562,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.11 16:09:40 | 000,534,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.11 16:09:40 | 000,114,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.11 16:09:40 | 000,095,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.11 15:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 13:47:25 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 13:47:25 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.01 14:58:14 | 053,364,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:57:14 | 042,508,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:56:46 | 054,958,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.03.30 22:46:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\AVerText.ini
[2012.03.28 17:28:08 | 000,002,451 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Microsoft Office Picture Manager.lnk
[2012.03.26 14:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 12:31:28 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.15 09:23:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.15 00:29:23 | 000,793,080 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2012.04.02 13:52:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.01 14:57:05 | 053,364,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 2_3.mp4
[2012.04.01 14:56:08 | 042,508,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 3_3.mp4
[2012.04.01 14:55:30 | 054,958,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Desktop\Die stählerne Zeit - Das Reich des Stahlbarons 1_3.mp4
[2012.02.15 07:16:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.21 18:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.13 14:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.11.04 13:07:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2011.11.04 13:07:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011.11.04 13:04:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011.11.04 13:04:35 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011.11.04 13:00:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.11.04 12:57:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011.11.03 20:01:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2011.11.03 19:53:39 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.11.03 19:27:15 | 000,034,480 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2011.11.03 19:27:15 | 000,028,721 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2011.11.03 19:04:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.11.03 19:03:15 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2011.11.03 19:03:15 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2011.11.03 19:03:00 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2011.11.03 19:03:00 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2011.11.03 19:03:00 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2011.11.03 19:03:00 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2011.11.03 19:03:00 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2011.11.03 19:03:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2011.11.03 19:03:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2011.11.03 18:59:24 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.11.03 18:58:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll
[2011.11.03 18:06:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.03 17:54:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.03 17:22:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 17:17:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.11.03 17:10:01 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.03 17:08:52 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.11.10 15:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.02.28 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2012.03.12 08:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.04.15 09:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bProtector
[2011.11.10 00:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.04.15 00:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2012.03.29 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.11.15 23:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2011.11.19 16:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.04.16 20:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2011.11.05 15:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2012.04.13 17:15:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.04.16 14:37:36 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.05 15:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Adobe
[2011.11.04 21:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Avira
[2012.02.09 15:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\dvdcss
[2012.04.04 13:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoft
[2012.02.05 20:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 17:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\ICQ
[2011.11.03 17:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Identities
[2011.11.04 13:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\InstallShield
[2011.11.04 18:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Macromedia
[2012.04.15 09:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
[2011.11.05 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Media Player Classic
[2012.03.20 19:47:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft
[2011.11.03 20:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft Web Folders
[2011.11.04 21:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla
[2012.04.16 20:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Skype
[2011.11.19 17:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Sun
[2012.04.02 13:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
[2012.04.15 12:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
[2011.11.05 15:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\TuneUp Software
[2011.11.10 22:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\vlc
[2011.11.05 15:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
[2011.11.04 13:06:59 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Microsoft\Installer\{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.11.03 18:07:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.11.03 18:07:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.11.03 18:07:54 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 16.04.2012 20:41

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/em/
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
[2012.03.29 20:55:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.29 21:00:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 22:07:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.15 00:29:53 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com
[2011.07.14 20:19:12 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml
[2012.03.11 18:03:55 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Programme\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1085031214-1482476501-725345543-1003..\Run: [eType] C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe (DSNR Media Innovations)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.03 17:20:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.04.16 15:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype
[2012.04.15 00:30:39 | 002,927,984 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe
[2012.04.15 00:31:07 | 002,167,664 | ---- | M] (DSNR Media Innovations) -- C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Dittsche182 16.04.2012 22:25

23:22: OTL crashed. The following message appeared: "Cannot create file c:\WINDOWS\SYSTEM32\drivers\etc\Hots."

Still: at least the eType message no longer appeared. At the beginning of startup, however, the old error message still shows up.

cosinus 17.04.2012 11:42

Please repeat the fix in safe mode

Dittsche182 17.04.2012 17:21

Now it worked. Unfortunately, however, the error message appeared again during the restart triggered by OTL.

Here is the log file:

Code:


All processes killed
========== OTL ==========
HKU\S-1-5-21-1085031214-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://start.icq.com/em/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\extensions\specialsavings@superfish.com\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\igmbdxj9.default\searchplugins\icqplugin.xml not found.
File C:\Programme\mozilla firefox\searchplugins\Search_Results.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0230100-3044-43b1-a44e-70dc12fd418c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d0230100-3044-43b1-a44e-70dc12fd418c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\eType not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Folder C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\ not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eType.exe not found.
File C:\Dokumente und Einstellungen\Peter Lustig\Anwendungsdaten\etype\eTypeUpdate.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter Lustig
->Temp folder emptied: 187856 bytes
->Temporary Internet Files folder emptied: 859602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177013301 bytes
->Flash cache emptied: 1358 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 190464 bytes
 
Total Files Cleaned = 170,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Peter Lustig
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04172012_181150

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 17.04.2012 18:53

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Dittsche182 17.04.2012 19:15

Thanks! Here is the log file:

Code:

20:07:22.0781 3552        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:07:22.0859 3552        ============================================================
20:07:22.0859 3552        Current date / time: 2012/04/17 20:07:22.0859
20:07:22.0859 3552        SystemInfo:
20:07:22.0859 3552       
20:07:22.0859 3552        OS Version: 5.1.2600 ServicePack: 3.0
20:07:22.0859 3552        Product type: Workstation
20:07:22.0859 3552        ComputerName: PETER-6X2VGMUVQ
20:07:22.0859 3552        UserName: Peter Lustig
20:07:22.0859 3552        Windows directory: C:\WINDOWS
20:07:22.0859 3552        System windows directory: C:\WINDOWS
20:07:22.0859 3552        Processor architecture: Intel x86
20:07:22.0859 3552        Number of processors: 2
20:07:22.0859 3552        Page size: 0x1000
20:07:22.0859 3552        Boot type: Normal boot
20:07:22.0859 3552        ============================================================
20:07:24.0687 3552        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:07:24.0687 3552        \Device\Harddisk0\DR0:
20:07:24.0687 3552        MBR used
20:07:24.0687 3552        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFD851
20:07:24.0687 3552        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFD890, BlocksNum 0x3A859280
20:07:24.0765 3552        Initialize success
20:07:24.0765 3552        ============================================================
20:09:01.0250 3984        ============================================================
20:09:01.0250 3984        Scan started
20:09:01.0250 3984        Mode: Manual; SigCheck; TDLFS;
20:09:01.0250 3984        ============================================================
20:09:01.0578 3984        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
20:09:01.0828 3984        !SASCORE - ok
20:09:01.0906 3984        Abiosdsk - ok
20:09:01.0921 3984        abp480n5 - ok
20:09:01.0953 3984        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:09:03.0125 3984        ACPI - ok
20:09:03.0234 3984        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:09:03.0437 3984        ACPIEC - ok
20:09:03.0546 3984        AcPrfMgrSvc    (ac83da08b02bc2ac4f9920523275bb0f) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
20:09:03.0578 3984        AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:03.0578 3984        AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
20:09:03.0609 3984        AcSvc          (f0dfcab03cc9c71137d00c17feb08873) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
20:09:03.0625 3984        AcSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:03.0625 3984        AcSvc - detected UnsignedFile.Multi.Generic (1)
20:09:03.0656 3984        ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:09:03.0718 3984        ADIHdAudAddService - ok
20:09:03.0765 3984        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:03.0796 3984        AdobeFlashPlayerUpdateSvc - ok
20:09:03.0796 3984        adpu160m - ok
20:09:03.0812 3984        AEAudio        (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
20:09:03.0843 3984        AEAudio - ok
20:09:03.0875 3984        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:09:04.0093 3984        aec - ok
20:09:04.0156 3984        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:09:04.0187 3984        AFD - ok
20:09:04.0218 3984        AFS2K          (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys
20:09:04.0265 3984        AFS2K - ok
20:09:04.0265 3984        Aha154x - ok
20:09:04.0281 3984        aic78u2 - ok
20:09:04.0296 3984        aic78xx - ok
20:09:04.0328 3984        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:09:04.0500 3984        Alerter - ok
20:09:04.0531 3984        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:09:04.0625 3984        ALG - ok
20:09:04.0625 3984        AliIde - ok
20:09:04.0640 3984        amsint - ok
20:09:04.0671 3984        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
20:09:04.0687 3984        ANC ( UnsignedFile.Multi.Generic ) - warning
20:09:04.0687 3984        ANC - detected UnsignedFile.Multi.Generic (1)
20:09:04.0750 3984        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
20:09:04.0781 3984        AntiVirSchedulerService - ok
20:09:04.0812 3984        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:09:04.0828 3984        AntiVirService - ok
20:09:04.0875 3984        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
20:09:05.0015 3984        AppMgmt - ok
20:09:05.0046 3984        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:09:05.0234 3984        Arp1394 - ok
20:09:05.0250 3984        asc - ok
20:09:05.0250 3984        asc3350p - ok
20:09:05.0265 3984        asc3550 - ok
20:09:05.0390 3984        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:09:05.0437 3984        aspnet_state - ok
20:09:05.0468 3984        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:05.0656 3984        AsyncMac - ok
20:09:05.0687 3984        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:05.0875 3984        atapi - ok
20:09:05.0890 3984        Atdisk - ok
20:09:05.0937 3984        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:06.0109 3984        Atmarpc - ok
20:09:06.0140 3984        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
20:09:06.0187 3984        atmeltpm - ok
20:09:06.0218 3984        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:09:06.0390 3984        AudioSrv - ok
20:09:06.0421 3984        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:06.0609 3984        audstub - ok
20:09:06.0671 3984        AVerAF35        (c143c69e089c7a13520eaf06175b3a3b) C:\WINDOWS\system32\Drivers\AVerAF35.sys
20:09:06.0765 3984        AVerAF35 - ok
20:09:06.0843 3984        AVerRemote      (a33c07f7527fc4cbc664c3137eb7d744) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
20:09:06.0890 3984        AVerRemote ( UnsignedFile.Multi.Generic ) - warning
20:09:06.0890 3984        AVerRemote - detected UnsignedFile.Multi.Generic (1)
20:09:06.0906 3984        AVerScheduleService (9aebb2d487d9bf4c0f354899d842edd0) C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
20:09:06.0968 3984        AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
20:09:06.0968 3984        AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
20:09:06.0984 3984        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:09:07.0062 3984        avgntflt - ok
20:09:07.0078 3984        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:09:07.0109 3984        avipbb - ok
20:09:07.0125 3984        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:09:07.0140 3984        avkmgr - ok
20:09:07.0156 3984        b57w2k          (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:09:07.0203 3984        b57w2k - ok
20:09:07.0265 3984        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:09:07.0437 3984        Beep - ok
20:09:07.0484 3984        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:09:07.0703 3984        BITS - ok
20:09:07.0734 3984        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:09:07.0921 3984        Browser - ok
20:09:07.0953 3984        btaudio        (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
20:09:08.0062 3984        btaudio - ok
20:09:08.0109 3984        BTDriver        (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
20:09:08.0140 3984        BTDriver - ok
20:09:08.0187 3984        BTKRNL          (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:09:08.0265 3984        BTKRNL - ok
20:09:08.0375 3984        btwdins        (d14c346d293e6f83cbb55ac641ff941e) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
20:09:08.0390 3984        btwdins ( UnsignedFile.Multi.Generic ) - warning
20:09:08.0390 3984        btwdins - detected UnsignedFile.Multi.Generic (1)
20:09:08.0421 3984        BTWDNDIS        (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:09:08.0515 3984        BTWDNDIS - ok
20:09:08.0531 3984        BTWUSB          (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
20:09:08.0562 3984        BTWUSB - ok
20:09:08.0593 3984        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:08.0781 3984        cbidf2k - ok
20:09:08.0828 3984        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:09:08.0984 3984        CCDECODE - ok
20:09:09.0000 3984        cd20xrnt - ok
20:09:09.0031 3984        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:09.0218 3984        Cdaudio - ok
20:09:09.0234 3984        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:09.0421 3984        Cdfs - ok
20:09:09.0437 3984        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:09.0625 3984        Cdrom - ok
20:09:09.0625 3984        Changer - ok
20:09:09.0656 3984        cisvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe
20:09:10.0328 3984        cisvc - ok
20:09:10.0343 3984        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:09:10.0515 3984        ClipSrv - ok
20:09:10.0625 3984        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:10.0687 3984        clr_optimization_v2.0.50727_32 - ok
20:09:10.0734 3984        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:10.0750 3984        clr_optimization_v4.0.30319_32 - ok
20:09:10.0781 3984        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:10.0953 3984        CmBatt - ok
20:09:10.0953 3984        CmdIde - ok
20:09:10.0968 3984        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:11.0140 3984        Compbatt - ok
20:09:11.0140 3984        COMSysApp - ok
20:09:11.0156 3984        Cpqarray - ok
20:09:11.0203 3984        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:09:11.0375 3984        CryptSvc - ok
20:09:11.0390 3984        dac2w2k - ok
20:09:11.0406 3984        dac960nt - ok
20:09:11.0453 3984        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:11.0609 3984        DcomLaunch - ok
20:09:11.0625 3984        DgiVecp - ok
20:09:11.0640 3984        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:09:11.0828 3984        Dhcp - ok
20:09:11.0859 3984        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:12.0031 3984        Disk - ok
20:09:12.0046 3984        dmadmin - ok
20:09:12.0109 3984        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:12.0328 3984        dmboot - ok
20:09:12.0375 3984        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:09:12.0562 3984        dmio - ok
20:09:12.0609 3984        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:12.0781 3984        dmload - ok
20:09:12.0812 3984        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:09:13.0000 3984        dmserver - ok
20:09:13.0031 3984        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:13.0218 3984        DMusic - ok
20:09:13.0250 3984        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:09:13.0312 3984        Dnscache - ok
20:09:13.0343 3984        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:09:13.0515 3984        Dot3svc - ok
20:09:13.0531 3984        dpti2o - ok
20:09:13.0531 3984        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:13.0734 3984        drmkaud - ok
20:09:13.0765 3984        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:09:13.0937 3984        EapHost - ok
20:09:13.0968 3984        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:09:14.0140 3984        ERSvc - ok
20:09:14.0171 3984        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:14.0218 3984        Eventlog - ok
20:09:14.0265 3984        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
20:09:14.0296 3984        EventSystem - ok
20:09:14.0328 3984        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:14.0500 3984        Fastfat - ok
20:09:14.0531 3984        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:14.0562 3984        FastUserSwitchingCompatibility - ok
20:09:14.0578 3984        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:09:14.0750 3984        Fdc - ok
20:09:14.0765 3984        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:09:14.0953 3984        Fips - ok
20:09:14.0953 3984        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:09:15.0125 3984        Flpydisk - ok
20:09:15.0171 3984        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:09:15.0343 3984        FltMgr - ok
20:09:15.0453 3984        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:09:15.0484 3984        FontCache3.0.0.0 - ok
20:09:15.0500 3984        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:15.0687 3984        Fs_Rec - ok
20:09:15.0703 3984        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:15.0875 3984        Ftdisk - ok
20:09:15.0906 3984        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:16.0078 3984        Gpc - ok
20:09:16.0109 3984        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:09:16.0265 3984        HDAudBus - ok
20:09:16.0343 3984        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:09:16.0515 3984        helpsvc - ok
20:09:16.0515 3984        HidServ - ok
20:09:16.0562 3984        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:09:16.0734 3984        hkmsvc - ok
20:09:16.0750 3984        hpn - ok
20:09:16.0750 3984        hpt3xx - ok
20:09:16.0796 3984        HPZid412        (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:09:16.0906 3984        HPZid412 - ok
20:09:16.0921 3984        HPZipr12        (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:09:16.0968 3984        HPZipr12 - ok
20:09:17.0000 3984        HPZius12        (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:09:17.0078 3984        HPZius12 - ok
20:09:17.0125 3984        HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:09:17.0171 3984        HSFHWAZL - ok
20:09:17.0203 3984        HSF_DPV        (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:09:17.0265 3984        HSF_DPV - ok
20:09:17.0328 3984        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:17.0375 3984        HTTP - ok
20:09:17.0406 3984        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:09:17.0578 3984        HTTPFilter - ok
20:09:17.0578 3984        i2omgmt - ok
20:09:17.0593 3984        i2omp - ok
20:09:17.0625 3984        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:17.0796 3984        i8042prt - ok
20:09:17.0968 3984        ialm            (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:09:18.0234 3984        ialm - ok
20:09:18.0296 3984        iastor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\Drivers\iaStor.sys
20:09:18.0328 3984        iastor - ok
20:09:18.0359 3984        IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:09:18.0375 3984        IBMPMDRV - ok
20:09:18.0406 3984        IBMPMSVC        (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\WINDOWS\system32\ibmpmsvc.exe
20:09:18.0421 3984        IBMPMSVC - ok
20:09:18.0453 3984        IBMTPCHK        (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
20:09:18.0453 3984        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
20:09:18.0453 3984        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
20:09:18.0515 3984        IBUpdaterService (7e22c5fdca42458b8bc6892fec135258) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
20:09:18.0546 3984        IBUpdaterService - ok
20:09:18.0687 3984        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:09:18.0750 3984        idsvc - ok
20:09:18.0781 3984        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
20:09:18.0968 3984        Imapi - ok
20:09:19.0000 3984        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
20:09:19.0156 3984        ImapiService - ok
20:09:19.0187 3984        ini910u - ok
20:09:19.0203 3984        IntelIde - ok
20:09:19.0234 3984        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:09:19.0421 3984        intelppm - ok
20:09:19.0453 3984        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:09:19.0640 3984        ip6fw - ok
20:09:19.0671 3984        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:20.0125 3984        IpFilterDriver - ok
20:09:20.0156 3984        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:20.0343 3984        IpInIp - ok
20:09:20.0375 3984        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:20.0546 3984        IpNat - ok
20:09:20.0562 3984        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:20.0750 3984        IPSec - ok
20:09:20.0765 3984        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:20.0859 3984        IRENUM - ok
20:09:20.0906 3984        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:21.0062 3984        isapnp - ok
20:09:21.0171 3984        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
20:09:21.0187 3984        JavaQuickStarterService - ok
20:09:21.0203 3984        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:21.0375 3984        Kbdclass - ok
20:09:21.0406 3984        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:21.0578 3984        kmixer - ok
20:09:21.0609 3984        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:21.0703 3984        KSecDD - ok
20:09:21.0750 3984        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:09:21.0828 3984        lanmanserver - ok
20:09:21.0859 3984        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:09:21.0890 3984        lanmanworkstation - ok
20:09:21.0906 3984        lbrtfdc - ok
20:09:21.0953 3984        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:09:22.0125 3984        LmHosts - ok
20:09:22.0156 3984        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
20:09:22.0187 3984        MDM - ok
20:09:22.0218 3984        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:09:22.0234 3984        mdmxsdk - ok
20:09:22.0250 3984        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:09:22.0437 3984        Messenger - ok
20:09:22.0468 3984        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:22.0656 3984        mnmdd - ok
20:09:22.0687 3984        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
20:09:22.0859 3984        mnmsrvc - ok
20:09:22.0890 3984        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:09:23.0062 3984        Modem - ok
20:09:23.0062 3984        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:23.0234 3984        Mouclass - ok
20:09:23.0265 3984        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:23.0437 3984        MountMgr - ok
20:09:23.0453 3984        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:09:23.0640 3984        MPE - ok
20:09:23.0640 3984        mraid35x - ok
20:09:23.0656 3984        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:23.0828 3984        MRxDAV - ok
20:09:23.0875 3984        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:23.0953 3984        MRxSmb - ok
20:09:23.0968 3984        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
20:09:24.0140 3984        MSDTC - ok
20:09:24.0156 3984        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:24.0312 3984        Msfs - ok
20:09:24.0328 3984        MSIServer - ok
20:09:24.0343 3984        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:24.0515 3984        MSKSSRV - ok
20:09:24.0531 3984        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:24.0703 3984        MSPCLOCK - ok
20:09:24.0734 3984        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:24.0890 3984        MSPQM - ok
20:09:24.0921 3984        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:25.0093 3984        mssmbios - ok
20:09:25.0109 3984        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:25.0281 3984        MSTEE - ok
20:09:25.0312 3984        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:25.0328 3984        Mup - ok
20:09:25.0359 3984        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:25.0531 3984        NABTSFEC - ok
20:09:25.0578 3984        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:09:25.0781 3984        napagent - ok
20:09:25.0796 3984        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:25.0968 3984        NDIS - ok
20:09:25.0984 3984        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:26.0156 3984        NdisIP - ok
20:09:26.0218 3984        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:26.0265 3984        NdisTapi - ok
20:09:26.0281 3984        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:26.0453 3984        Ndisuio - ok
20:09:26.0468 3984        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:26.0625 3984        NdisWan - ok
20:09:26.0671 3984        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:26.0734 3984        NDProxy - ok
20:09:26.0750 3984        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:26.0921 3984        NetBIOS - ok
20:09:26.0953 3984        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:27.0109 3984        NetBT - ok
20:09:27.0156 3984        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0328 3984        NetDDE - ok
20:09:27.0343 3984        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:09:27.0515 3984        NetDDEdsdm - ok
20:09:27.0531 3984        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:27.0703 3984        Netlogon - ok
20:09:27.0734 3984        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:09:27.0921 3984        Netman - ok
20:09:27.0984 3984        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:09:28.0015 3984        NetTcpPortSharing - ok
20:09:28.0093 3984        NETw4x32        (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
20:09:28.0312 3984        NETw4x32 - ok
20:09:28.0328 3984        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:09:28.0500 3984        NIC1394 - ok
20:09:28.0546 3984        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:09:28.0578 3984        Nla - ok
20:09:28.0609 3984        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:28.0781 3984        Npfs - ok
20:09:28.0812 3984        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:29.0031 3984        Ntfs - ok
20:09:29.0078 3984        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:29.0234 3984        NtLmSsp - ok
20:09:29.0328 3984        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:09:29.0515 3984        NtmsSvc - ok
20:09:29.0562 3984        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:29.0953 3984        Null - ok
20:09:30.0000 3984        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:30.0171 3984        NwlnkFlt - ok
20:09:30.0171 3984        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:30.0343 3984        NwlnkFwd - ok
20:09:30.0375 3984        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:09:30.0546 3984        ohci1394 - ok
20:09:30.0578 3984        OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:09:30.0609 3984        OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:09:30.0609 3984        OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:09:30.0625 3984        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:09:30.0656 3984        ose - ok
20:09:30.0687 3984        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:09:30.0890 3984        Parport - ok
20:09:30.0890 3984        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:31.0062 3984        PartMgr - ok
20:09:31.0093 3984        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:31.0265 3984        ParVdm - ok
20:09:31.0296 3984        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:31.0468 3984        PCI - ok
20:09:31.0484 3984        PCIDump - ok
20:09:31.0484 3984        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:09:31.0656 3984        PCIIde - ok
20:09:31.0671 3984        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:31.0828 3984        Pcmcia - ok
20:09:31.0843 3984        PDCOMP - ok
20:09:31.0859 3984        PDFRAME - ok
20:09:31.0859 3984        PDRELI - ok
20:09:31.0875 3984        PDRFRAME - ok
20:09:31.0890 3984        perc2 - ok
20:09:31.0906 3984        perc2hib - ok
20:09:31.0968 3984        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:31.0984 3984        PlugPlay - ok
20:09:32.0031 3984        Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe
20:09:32.0062 3984        Pml Driver HPZ12 - ok
20:09:32.0125 3984        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
20:09:32.0281 3984        PolicyAgent - ok
20:09:32.0312 3984        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:32.0468 3984        PptpMiniport - ok
20:09:32.0484 3984        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:09:32.0671 3984        Processor - ok
20:09:32.0671 3984        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:32.0843 3984        ProtectedStorage - ok
20:09:32.0859 3984        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:33.0046 3984        PSched - ok
20:09:33.0046 3984        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:33.0218 3984        Ptilink - ok
20:09:33.0234 3984        ql1080 - ok
20:09:33.0250 3984        Ql10wnt - ok
20:09:33.0265 3984        ql12160 - ok
20:09:33.0281 3984        ql1240 - ok
20:09:33.0296 3984        ql1280 - ok
20:09:33.0296 3984        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:33.0468 3984        RasAcd - ok
20:09:33.0515 3984        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:09:33.0687 3984        RasAuto - ok
20:09:33.0703 3984        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:33.0890 3984        Rasl2tp - ok
20:09:33.0921 3984        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:09:34.0093 3984        RasMan - ok
20:09:34.0109 3984        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:34.0265 3984        RasPppoe - ok
20:09:34.0281 3984        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:34.0453 3984        Raspti - ok
20:09:34.0484 3984        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:34.0656 3984        Rdbss - ok
20:09:34.0671 3984        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:34.0828 3984        RDPCDD - ok
20:09:34.0859 3984        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:35.0015 3984        rdpdr - ok
20:09:35.0062 3984        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:35.0125 3984        RDPWD - ok
20:09:35.0156 3984        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:09:35.0328 3984        RDSessMgr - ok
20:09:35.0343 3984        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:35.0515 3984        redbook - ok
20:09:35.0546 3984        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:09:35.0718 3984        RemoteAccess - ok
20:09:35.0750 3984        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
20:09:35.0906 3984        RemoteRegistry - ok
20:09:35.0921 3984        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
20:09:36.0093 3984        RpcLocator - ok
20:09:36.0125 3984        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:36.0156 3984        RpcSs - ok
20:09:36.0203 3984        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
20:09:36.0375 3984        RSVP - ok
20:09:36.0421 3984        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:09:36.0593 3984        rtl8139 - ok
20:09:36.0625 3984        s217bus        (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
20:09:36.0656 3984        s217bus - ok
20:09:36.0687 3984        s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
20:09:36.0703 3984        s217mdfl - ok
20:09:36.0734 3984        s217mdm        (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
20:09:36.0750 3984        s217mdm - ok
20:09:36.0781 3984        s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47) C:\WINDOWS\system32\DRIVERS\s217mgmt.sys
20:09:36.0796 3984        s217mgmt - ok
20:09:36.0812 3984        s217nd5        (11cc5d7f992799e7e75d018e9c018563) C:\WINDOWS\system32\DRIVERS\s217nd5.sys
20:09:36.0843 3984        s217nd5 - ok
20:09:36.0859 3984        s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
20:09:36.0890 3984        s217obex - ok
20:09:36.0890 3984        s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\WINDOWS\system32\DRIVERS\s217unic.sys
20:09:36.0921 3984        s217unic - ok
20:09:36.0937 3984        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:09:37.0109 3984        SamSs - ok
20:09:37.0187 3984        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
20:09:37.0203 3984        SASDIFSV - ok
20:09:37.0203 3984        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
20:09:37.0234 3984        SASKUTIL - ok
20:09:37.0250 3984        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:09:37.0437 3984        SCardSvr - ok
20:09:37.0468 3984        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:09:37.0640 3984        Schedule - ok
20:09:37.0687 3984        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:37.0781 3984        Secdrv - ok
20:09:37.0796 3984        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:09:37.0968 3984        seclogon - ok
20:09:38.0000 3984        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:09:38.0078 3984        seehcri - ok
20:09:38.0093 3984        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:09:38.0281 3984        SENS - ok
20:09:38.0312 3984        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:09:38.0484 3984        Serial - ok
20:09:38.0515 3984        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:09:38.0687 3984        Sfloppy - ok
20:09:38.0734 3984        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:09:38.0906 3984        SharedAccess - ok
20:09:38.0953 3984        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:38.0968 3984        ShellHWDetection - ok
20:09:39.0000 3984        Shockprf        (e22ef09693396bfeda7edc47b6c16e26) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
20:09:39.0015 3984        Shockprf - ok
20:09:39.0031 3984        Simbad - ok
20:09:39.0046 3984        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:39.0234 3984        SLIP - ok
20:09:39.0250 3984        Sparrow - ok
20:09:39.0328 3984        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:39.0484 3984        splitter - ok
20:09:39.0515 3984        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:09:39.0578 3984        Spooler - ok
20:09:39.0593 3984        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:39.0687 3984        sr - ok
20:09:39.0703 3984        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
20:09:39.0968 3984        srservice - ok
20:09:40.0000 3984        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:40.0062 3984        Srv - ok
20:09:40.0078 3984        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:09:40.0171 3984        SSDPSRV - ok
20:09:40.0203 3984        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:09:40.0234 3984        ssmdrv - ok
20:09:40.0234 3984        SSPORT - ok
20:09:40.0265 3984        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:09:40.0453 3984        stisvc - ok
20:09:40.0484 3984        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:40.0656 3984        streamip - ok
20:09:40.0671 3984        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:40.0843 3984        swenum - ok
20:09:40.0859 3984        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:41.0031 3984        swmidi - ok
20:09:41.0031 3984        SwPrv - ok
20:09:41.0046 3984        symc810 - ok
20:09:41.0062 3984        symc8xx - ok
20:09:41.0078 3984        sym_hi - ok
20:09:41.0093 3984        sym_u3 - ok
20:09:41.0125 3984        SynTP          (b248b5fe80b285b91cb1e6f85b0ae1d7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:09:41.0203 3984        SynTP - ok
20:09:41.0234 3984        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:41.0406 3984        sysaudio - ok
20:09:41.0437 3984        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:09:41.0609 3984        SysmonLog - ok
20:09:41.0640 3984        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:09:41.0812 3984        TapiSrv - ok
20:09:41.0875 3984        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:41.0937 3984        Tcpip - ok
20:09:41.0953 3984        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:42.0109 3984        TDPIPE - ok
20:09:42.0156 3984        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:42.0328 3984        TDTCP - ok
20:09:42.0343 3984        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:42.0500 3984        TermDD - ok
20:09:42.0531 3984        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:09:42.0718 3984        TermService - ok
20:09:42.0750 3984        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:09:42.0781 3984        Themes - ok
20:09:42.0796 3984        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
20:09:42.0890 3984        TlntSvr - ok
20:09:42.0906 3984        TosIde - ok
20:09:42.0953 3984        TPDIGIMN        (a44928f04032d49a6c2e151f869fb152) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
20:09:42.0968 3984        TPDIGIMN - ok
20:09:42.0984 3984        TPHDEXLGSVC    (33d918574810b910de2cc18874d51c97) C:\WINDOWS\system32\TPHDEXLG.exe
20:09:43.0015 3984        TPHDEXLGSVC - ok
20:09:43.0046 3984        TPHKDRV        (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
20:09:43.0093 3984        TPHKDRV - ok
20:09:43.0109 3984        TPPWRIF        (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:09:43.0125 3984        TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0125 3984        TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:09:43.0140 3984        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:09:43.0296 3984        TrkWks - ok
20:09:43.0328 3984        TSMAPIP        (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:09:43.0343 3984        TSMAPIP - ok
20:09:43.0421 3984        TUWinStylerThemeSvc (8f5d673617d0101fc85dd30a27fc20c4) C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
20:09:43.0453 3984        TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0453 3984        TUWinStylerThemeSvc - detected UnsignedFile.Multi.Generic (1)
20:09:43.0468 3984        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:43.0656 3984        Udfs - ok
20:09:43.0656 3984        UIUSys - ok
20:09:43.0671 3984        ultra - ok
20:09:43.0687 3984        UMWdf          (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
20:09:43.0765 3984        UMWdf - ok
20:09:43.0796 3984        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:44.0000 3984        Update - ok
20:09:44.0031 3984        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:09:44.0140 3984        upnphost - ok
20:09:44.0156 3984        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:09:44.0343 3984        UPS - ok
20:09:44.0359 3984        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:09:44.0515 3984        usbccgp - ok
20:09:44.0562 3984        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:44.0734 3984        usbehci - ok
20:09:44.0781 3984        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:44.0937 3984        usbhub - ok
20:09:44.0953 3984        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:45.0125 3984        usbprint - ok
20:09:45.0156 3984        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:45.0312 3984        usbscan - ok
20:09:45.0343 3984        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:45.0500 3984        USBSTOR - ok
20:09:45.0531 3984        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:45.0687 3984        usbuhci - ok
20:09:45.0703 3984        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:45.0859 3984        VgaSave - ok
20:09:45.0875 3984        ViaIde - ok
20:09:45.0890 3984        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:46.0062 3984        VolSnap - ok
20:09:46.0093 3984        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:09:46.0187 3984        VSS - ok
20:09:46.0218 3984        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
20:09:46.0390 3984        W32Time - ok
20:09:46.0421 3984        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:46.0593 3984        Wanarp - ok
20:09:46.0593 3984        WDICA - ok
20:09:46.0625 3984        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:46.0796 3984        wdmaud - ok
20:09:46.0828 3984        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:09:46.0984 3984        WebClient - ok
20:09:47.0046 3984        winachsf        (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:47.0093 3984        winachsf - ok
20:09:47.0156 3984        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:09:47.0328 3984        winmgmt - ok
20:09:47.0390 3984        WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
20:09:47.0437 3984        WmdmPmSN - ok
20:09:47.0484 3984        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
20:09:47.0531 3984        Wmi - ok
20:09:47.0578 3984        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:09:47.0734 3984        WmiApSrv - ok
20:09:47.0765 3984        WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:09:47.0796 3984        WpdUsb - ok
20:09:47.0921 3984        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:09:47.0968 3984        WPFFontCache_v0400 - ok
20:09:48.0031 3984        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:09:48.0203 3984        wscsvc - ok
20:09:48.0234 3984        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:09:48.0406 3984        WSTCODEC - ok
20:09:48.0421 3984        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:09:48.0609 3984        wuauserv - ok
20:09:48.0656 3984        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:09:48.0875 3984        WZCSVC - ok
20:09:48.0906 3984        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:09:49.0093 3984        xmlprov - ok
20:09:49.0125 3984        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:09:49.0359 3984        \Device\Harddisk0\DR0 - ok
20:09:49.0359 3984        Boot (0x1200)  (3d31d5bc0e6e03e30ce042d04bd4f953) \Device\Harddisk0\DR0\Partition0
20:09:49.0359 3984        \Device\Harddisk0\DR0\Partition0 - ok
20:09:49.0406 3984        Boot (0x1200)  (1f70e1be3945d5cc3fd28bd642382d80) \Device\Harddisk0\DR0\Partition1
20:09:49.0421 3984        \Device\Harddisk0\DR0\Partition1 - ok
20:09:49.0421 3984        ============================================================
20:09:49.0421 3984        Scan finished
20:09:49.0421 3984        ============================================================
20:09:49.0531 3612        Detected object count: 10
20:09:49.0531 3612        Actual detected object count: 10
20:12:14.0000 3612        AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612        AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0000 3612        AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0000 3612        AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:14.0015 3612        TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:14.0015 3612        TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 17.04.2012 19:54

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

Dittsche182 17.04.2012 20:28

Attached is the log file:


Combofix Logfile:
Code:

ComboFix 12-04-16.04 - Peter Lustig 17.04.2012  21:14:02.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3062.2558 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Peter Lustig\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\pthreadVC.dll
c:\windows\system32\TPHDLOG0.LOG
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-17 bis 2012-04-17  ))))))))))))))))))))))))))))))
.
.
2012-04-17 16:07 . 2012-04-17 16:07        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-04-16 19:45 . 2012-04-16 19:45        --------        d-----w-        C:\_OTL
2012-04-15 19:40 . 2012-04-15 19:40        --------        d-----w-        c:\programme\ESET
2012-04-15 10:32 . 2012-04-15 10:32        --------        d-----w-        c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 10:31 . 2012-04-15 10:32        --------        d-----w-        c:\programme\SUPERAntiSpyware
2012-04-15 10:31 . 2012-04-15 10:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-04-15 07:23 . 2012-04-15 07:23        --------        d-----w-        c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-15 07:23 . 2012-04-15 07:23        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-04-15 07:23 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-14 22:29 . 2012-04-15 07:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\bProtector
2012-04-14 22:29 . 2012-04-14 22:29        793080        ----a-w-        c:\windows\system32\protector.dll
2012-04-14 22:29 . 2012-04-14 22:32        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService
2012-04-04 11:47 . 2012-04-04 11:47        --------        d-----w-        c:\programme\DVDVideoSoft
2012-04-02 11:54 . 2012-04-02 11:54        --------        d-----w-        c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\SunODFPluginforMicrosoftOffice
2012-04-02 11:52 . 2012-04-14 18:27        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-02 11:41 . 2012-04-02 12:10        --------        d-----w-        c:\programme\Sun
2012-03-20 17:47 . 2012-03-20 17:47        --------        d-----w-        c:\dokumente und einstellungen\Peter Lustig\Lokale Einstellungen\Anwendungsdaten\Identities
2012-03-19 13:40 . 2012-03-19 13:40        592824        ----a-w-        c:\programme\Mozilla Firefox\gkmedias.dll
2012-03-19 13:40 . 2012-03-19 13:40        44472        ----a-w-        c:\programme\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:27 . 2011-11-04 20:44        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 06:46 . 2012-03-02 06:46        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-03-02 06:46 . 2011-11-19 15:03        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-01 11:00 . 2001-08-18 12:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2001-08-18 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2001-08-18 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2001-08-18 12:00        177664        ----a-w-        c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2001-08-18 12:00        148480        ----a-w-        c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2011-11-03 15:42        385024        ------w-        c:\windows\system32\html.iec
2012-02-15 14:36 . 2011-11-04 19:11        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2001-08-18 12:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
2012-03-19 13:40 . 2011-11-04 19:23        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\NetWaiting.exe" [2007-01-08 26152]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2011-11-4 50688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37        34344        ----a-w-        c:\programme\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06        28672        ----a-w-        c:\programme\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=protector.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16        39792        ----a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-11-04 20:34        127040        ----a-w-        c:\programme\ICQ7.6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52        1695232        ------w-        c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-08-14 08:10        614400        ----a-w-        c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27        17351304        ----a-r-        c:\programme\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ7.6\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.09.2007 17:28 19504]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.11.2011 21:11 36000]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.11.2011 21:11 86224]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [03.11.2011 19:02 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [03.11.2011 19:02 389120]
R2 IBUpdaterService;Updater Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe [15.04.2012 00:29 342968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13.11.2011 16:30 90112]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [03.11.2011 19:04 474880]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.11.2011 16:31 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 13:52 253088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2006\SystemOptimizer.exe [2005-08-24 01:29]
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2012-04-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-11-04 16:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Peter Lustig\Anwendungsdaten\Mozilla\Firefox\Profiles\u6r1xior.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.aspx?ctid=ct2269050&searchsource=3&q={searchterms}
FF - prefs.js: browser.search.selectedengine - google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/em/
FF - prefs.js: keyword.url - hxxp://dts.search-results.com/sr?src=ffb&appid=286&systemid=406&sr=0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Toolbar-{d0230100-3044-43b1-a44e-70dc12fd418c} - (no file)
Notify-ACNotify - ACNotify.dll
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-17 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-17  21:25:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-17 19:25
.
Vor Suchlauf: 10 Verzeichnis(se), 110.822.125.568 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 110.696.505.344 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - C5BE54E6C021F37F63153A9DEA4D1182

--- --- ---

10:45: The error message now no longer appears at startup either! :daumenhoc

