Trojaner-Board - Live Security Premium Logfile Malwarebytes

Hallo Markusg,

vielen Dank für Deine Unterstützung.

Eine Frage noch zu Malwarebytes...ich habe nun keine weiteren Häckchen bei Funmoods etc gesetzt alles so gelassen wie es warö. Soll ich den Scan nochmal durchführen und auch die funmoods anklicken und löschen?

Hier nochmal der aktualisierte Bericht...

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Database version: v2012.07.16.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
FRP :: FRP-LAPTOP [administrator]

22.07.2012 11:33:43
mbam-log-2012-07-22 (11-33-43).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234563
Time elapsed: 17 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 27
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Data: "C:\Programme\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF980000E4183B5E297D7B07D287 (Trojan.Lameshield) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287\036DFF980000E4183B5E297D7B07D287.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Programme\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> No action taken.

Files Detected: 9
C:\Programme\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.FunMoods) -> No action taken.
C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287\036DFF980000E4183B5E297D7B07D287.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\FRP\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)

Mache nun deine weiteren Anweisungen!

Vielen Dank!

Habe nun OTL nach Deinen Anweisungen durchgeführt. Bitte finde anbei die beiden txt. Dateien.

OTL txt:OTL Logfile:

Code:

OTL logfile created on: 22.07.2012 12:11:41 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\FRP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 87,24% Memory free

3,81 Gb Paging File | 3,74 Gb Available in Paging File | 98,04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 24,41 Gb Total Space | 3,93 Gb Free Space | 16,09% Space Free | Partition Type: NTFS

Drive E: | 50,12 Gb Total Space | 49,63 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

 

Computer Name: FRP-LAPTOP | User Name: FRP | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.22 12:00:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2008.03.29 08:42:20 | 000,159,744 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mmfinfo.dll

MOD - [2008.03.29 08:41:52 | 000,023,552 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mkunicode.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.07.12 16:39:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.06 21:02:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.11 23:03:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.11 23:03:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.22 18:37:17 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011.12.01 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2011.12.01 02:39:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2011.12.01 02:39:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011.10.20 12:21:22 | 000,244,800 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2011.10.20 12:21:20 | 000,105,536 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011.07.12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2011.07.12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2011.06.22 20:32:36 | 000,882,960 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)

SRV - [2011.06.22 19:49:24 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)

SRV - [2011.06.22 19:30:38 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)

SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.05.11 23:03:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.11 23:03:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.12.01 02:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)

DRV - [2011.12.01 02:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2011.08.30 20:52:30 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2011.08.30 20:52:28 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)

DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)

DRV - [2010.10.07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)     Intel(R)

DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2010.06.02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2010.06.02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2010.05.19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search

IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.funmoods.com/?a=make&s={searchTerms}&f=4

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "eBay"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.06 21:02:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.01.22 19:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Extensions

[2012.07.05 10:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions

[2012.06.30 11:06:12 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012.05.17 12:32:45 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.03.17 21:11:30 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\ffxtlbr@funmoods.com

[2012.05.17 12:32:45 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\ich@maltegoetz.de

[2012.03.17 21:11:04 | 000,001,798 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\searchplugins\funmoods.xml

[2012.01.22 18:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.01.22 20:39:28 | 000,434,392 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRP\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RTC7BHTM.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2012.06.23 08:50:42 | 000,109,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRP\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RTC7BHTM.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI

[2012.07.06 21:02:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.14 09:50:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.14 09:50:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.14 09:50:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.14 09:50:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.14 09:50:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.14 09:50:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 21:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Programme\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BCABEF6-AF06-489A-B838-877C67C5AD32}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.01.22 17:36:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 10

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.22 12:00:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

[2012.07.16 22:06:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Malwarebytes

[2012.07.16 22:06:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.07.16 22:06:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.07.16 22:06:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.07.16 22:06:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.07.16 22:04:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.07.16 22:01:12 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\FRP\Desktop\mbam-setup-1[1].62.0.1300.exe

[2012.07.15 19:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Funmoods

[2012.07.15 18:33:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Startmenü\Programme\Live Security Platinum

[2012.07.15 18:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287

[2012.07.08 12:01:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Buhl Data Service

[2012.07.08 12:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service

[2012.07.08 12:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Eigene Dateien\Steuer-Sparbuch

[2012.07.08 10:15:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Eigene Dateien\Mein Steuer-Sparbuch Heute

[2012.07.08 10:15:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\Buhl

[2012.07.08 10:14:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WISO Steuer-Sparbuch 2012

[2012.07.08 10:13:07 | 000,000,000 | ---D | C] -- C:\Programme\WISO

[2012.07.08 10:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2012.07.01 18:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Startmenü\Programme\IrfanView

[2012.07.01 18:47:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.22 12:12:05 | 000,544,064 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.07.22 12:12:05 | 000,495,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.07.22 12:12:05 | 000,110,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.07.22 12:12:05 | 000,084,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.07.22 12:09:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.07.22 12:08:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.07.22 12:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.07.22 12:00:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

[2012.07.18 21:04:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2012.07.18 12:01:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2012.07.18 11:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.07.17 22:30:21 | 000,396,651 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - An das Finanzamt.pdf

[2012.07.17 22:30:21 | 000,203,511 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.$$$

[2012.07.17 22:30:21 | 000,203,511 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12

[2012.07.17 22:30:21 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.lck

[2012.07.17 22:23:40 | 000,000,790 | ---- | M] () -- C:\WINDOWS\wiso.ini

[2012.07.16 22:13:32 | 000,467,726 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - Meine Kopie.pdf

[2012.07.16 22:10:54 | 002,359,350 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Screensot Elster.bmp

[2012.07.16 22:06:16 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.16 22:01:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\FRP\Desktop\mbam-setup-1[1].62.0.1300.exe

[2012.07.16 21:58:37 | 000,000,335 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\FixExe.reg

[2012.07.08 10:29:05 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2012.07.08 10:14:54 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk

[2012.07.08 10:14:54 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2012.lnk

[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.17 22:22:52 | 000,203,511 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.$$$

[2012.07.17 22:22:52 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.lck

[2012.07.17 22:22:48 | 000,203,511 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12

[2012.07.16 22:13:31 | 000,467,726 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - Meine Kopie.pdf

[2012.07.16 22:12:08 | 000,396,651 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - An das Finanzamt.pdf

[2012.07.16 22:10:54 | 002,359,350 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Screensot Elster.bmp

[2012.07.16 22:06:16 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.16 21:57:57 | 000,000,335 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\FixExe.reg

[2012.07.08 10:15:16 | 000,000,790 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2012.07.08 10:14:54 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk

[2012.07.08 10:14:54 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2012.lnk

[2012.05.18 23:26:50 | 000,520,056 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2012.03.20 23:11:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.03.17 21:13:42 | 000,198,950 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1960408961-1482476501-839522115-1003-0.dat

[2012.03.17 21:13:41 | 000,198,950 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2012.03.16 22:40:48 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.12 23:31:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2012.02.09 10:48:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.01.22 23:41:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2012.01.22 21:36:15 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2012.01.22 19:54:51 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin

[2012.01.22 19:41:45 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin

[2012.01.22 18:30:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012.01.22 18:29:15 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.01.22 17:37:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012.01.22 17:33:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

 
 ========== LOP Check ==========

 

[2012.07.15 18:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287

[2012.07.08 12:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2012.03.17 21:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake

[2012.03.27 22:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2012.01.22 22:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr

[2012.02.14 22:37:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012.02.14 23:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Amazon

[2012.07.08 12:01:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Buhl Data Service

[2012.07.15 19:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Funmoods

[2012.03.27 22:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Lenovo

[2012.01.22 23:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\PCDr

[2012.02.12 23:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\pdfforge

[2012.01.22 23:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\PwrMgr

[2012.01.22 18:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\TeamViewer

[2012.01.22 22:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Update

[2012.01.22 21:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Windows Desktop Search

[2012.01.22 21:53:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Windows Search

[2012.07.08 10:29:05 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.07.18 21:04:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2012.07.18 12:01:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.01.22 17:40:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2012.01.22 19:55:30 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2012.01.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Intel

[2012.01.22 21:10:45 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012.01.22 19:44:30 | 000,000,000 | ---D | M] -- C:\OSFIXES

[2012.07.16 22:06:14 | 000,000,000 | R--D | M] -- C:\Programme

[2012.01.22 18:42:49 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.01.22 20:01:16 | 000,000,000 | ---D | M] -- C:\swtools

[2012.01.22 18:27:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.07.16 22:04:54 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2012.01.22 19:28:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2012.01.22 19:28:25 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2012.01.22 19:28:25 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2012.07.22 12:06:51 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\FRP\NTUSER.DAT

[2012.07.22 12:12:30 | 000,126,976 | -H-- | M] () -- C:\Dokumente und Einstellungen\FRP\ntuser.dat.LOG

[2012.07.22 12:06:51 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\FRP\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.04.11 15:51:18 | 001,862,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

--- --- ---

und Extras.txt:OTL Logfile:

Code:

OTL Extras logfile created on: 22.07.2012 12:11:41 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\FRP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 87,24% Memory free

3,81 Gb Paging File | 3,74 Gb Available in Paging File | 98,04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 24,41 Gb Total Space | 3,93 Gb Free Space | 16,09% Space Free | Partition Type: NTFS

Drive E: | 50,12 Gb Total Space | 49,63 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

 

Computer Name: FRP-LAPTOP | User Name: FRP | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel(R) PROSet/Wireless WiFi-Software

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"Avira AntiVir Desktop" = Avira Free Antivirus

"CCleaner" = CCleaner

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem

"ENTERPRISE" = Microsoft Office Enterprise 2007

"funmoods" = Funmoods on IE and Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IrfanView" = IrfanView (remove only)

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"OnScreenDisplay" = Anzeige am Bildschirm

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Picasa 3" = Picasa 3

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"PROSet" = Intel(R) Network Connections Drivers

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"TeamViewer 7" = TeamViewer 7

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 1.1.11

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.10 (32-Bit)

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 17.07.2012 16:32:15 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:15 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:16 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:16 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:7650)(688) libKernelMode.ServiceManager - Error

 -- 641 Error 0x43c starting service 0: (Error#:1084) : Der Dienst kann nicht im

 abgesicherten Modus gestartet werden. 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libKernelMode.ServiceManager - Error

 -- 563 Service must be started before accessing driver 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libKernelMode.MemDriver - Error 

-- 72 Error reading physical memory: 0x0 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libPreEnumOem.SystemEnumerator -

 Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is greater

 than installed memory. Falling back to Microsoft provided memory metric. *** Memory

 Metric Summary *** Total Physical Memory   (Windows) : 2006.22 MB Total Physical 

Memory   (SMBIOS)  : 0.00 MB  

 

Error - 18.07.2012 15:14:07 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:07:4680)(688) CSPinvoke - Error -- 461 Exception

 in C# layer (asapicsharp_wrap.cxx, line 45000; threadid = 812): License authentication

 result = FAIL; reasons = SMBIOS_CHECK Stack Trace: file: Common.dll   instruction 

offset: 000A75A5  file: Asapi.dll   instruction offset: 000826A9  file: Asapi.dll   instruction

 offset: 000867C1  file: ??????????????????U?    instruction offset: 0000A30B  file: ??????????????????U?
 

  instruction offset: 0000AF75  file: ??????????????????U?    instruction offset: 0000AC57
 

file:

 ??????????????????U?    instruction offset: 0000C0BD  file: ??????????????????U?    instruction

 offset: 00004357  file: ??????????????????U?    instruction offset: 0000417B  file: mscorlib.ni.dll
 

  instruction offset: 0022043F  file: mscorlib.ni.dll   instruction offset: 00216F34
 

file:

 mscorwks.dll   instruction offset: 00001B4C  file: mscorwks.dll   instruction offset:

 0001969E  file: mscorwks.dll   instruction offset: 00026D21  file: mscorwks.dll   instruction

 offset: 00026D54  file: mscorwks.dll   instruction offset: 00026D72  file: mscorwks.dll
 

  instruction offset: 0011834F  file: mscorwks.dll   instruction offset: 0002CB0F  file:

 mscorwks.dll   instruction offset: 0002CAAB  file: mscorwks.dll   instruction offset:

 0002C9D1  file: mscorwks.dll   instruction offset: 0002CB5D  file: mscorwks.dll   instruction

 offset: 00118120  file: mscorwks.dll   instruction offset: 001181FA  file: mscorwks.dll
 

  instruction offset: 0009E235  file: KERNEL32.dll   instruction offset: 0000B729  (end

 stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction

 offsets into function names.  

 

Error - 18.07.2012 15:14:09 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:09:3590)(688) CSPinvoke - Error -- 461 Exception

 in C# layer (asapicsharp_wrap.cxx, line 43806; threadid = 812): License authentication

 result = FAIL; reasons = SMBIOS_CHECK Stack Trace: file: Common.dll   instruction 

offset: 000A75A5  file: Asapi.dll   instruction offset: 000826A9  file: asapicsharp.dll
 

  instruction offset: 0007AFF4  file: ??????????????????U?    instruction offset: 0000282F
 

file:

 ??????????????????U?    instruction offset: 00000528  file: ??????????????????U?    instruction

 offset: 000044A2  file: ??????????????????U?    instruction offset: 0000417B  file: mscorlib.ni.dll
 

  instruction offset: 0022043F  file: mscorlib.ni.dll   instruction offset: 00216F34
 

file:

 mscorwks.dll   instruction offset: 00001B4C  file: mscorwks.dll   instruction offset:

 0001969E  file: mscorwks.dll   instruction offset: 00026D21  file: mscorwks.dll   instruction

 offset: 00026D54  file: mscorwks.dll   instruction offset: 00026D72  file: mscorwks.dll
 

  instruction offset: 0011834F  file: mscorwks.dll   instruction offset: 0002CB0F  file:

 mscorwks.dll   instruction offset: 0002CAAB  file: mscorwks.dll   instruction offset:

 0002C9D1  file: mscorwks.dll   instruction offset: 0002CB5D  file: mscorwks.dll   instruction

 offset: 00118120  file: mscorwks.dll   instruction offset: 001181FA  file: mscorwks.dll
 

  instruction offset: 0009E235  file: KERNEL32.dll   instruction offset: 0000B729  (end

 stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction

 offsets into function names.  

 

[ Lenovo-Lenovo Patch Utility/Admin Events ]

Error - 01.07.2012 12:49:01 | Computer Name = FRP-LAPTOP | Source = Lenovo Patch Utility | ID = 1

Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml".

 Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.

 

[ OSession Events ]

Error - 17.05.2012 03:18:03 | Computer Name = FRP-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 85

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 17.05.2012 03:19:34 | Computer Name = FRP-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 18.07.2012 15:09:23 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 18.07.2012 15:10:34 | Computer Name = FRP-LAPTOP | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ANC  avipbb  avkmgr  Fips  IBMTPCHK  intelppm  lenovo.smi  ssmdrv  TPHKDRV  TPPWRIF

 

Error - 18.07.2012 15:12:01 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "BITS"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 20.07.2012 11:09:02 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 20.07.2012 18:19:12 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 20.07.2012 18:25:37 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 21.07.2012 00:01:41 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 22.07.2012 06:06:50 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 22.07.2012 06:08:30 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 22.07.2012 06:09:41 | Computer Name = FRP-LAPTOP | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ANC  avipbb  avkmgr  Fips  IBMTPCHK  intelppm  lenovo.smi  ssmdrv  TPHKDRV  TPPWRIF

 

 

< End of report >

--- --- ---

Weiss man hierdurch eigentlich auch, wo/wie man sich den Trojaner geholt hat?

Danke für Deine Hilfe!

Viele Grüße,

FRP

Habe nun OTL nach Deinen Anweisungen durchgeführt. Bitte finde anbei die beiden txt. Dateien.

OTL txt:OTL Logfile:

Code:

OTL logfile created on: 22.07.2012 12:11:41 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\FRP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 87,24% Memory free

3,81 Gb Paging File | 3,74 Gb Available in Paging File | 98,04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 24,41 Gb Total Space | 3,93 Gb Free Space | 16,09% Space Free | Partition Type: NTFS

Drive E: | 50,12 Gb Total Space | 49,63 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

 

Computer Name: FRP-LAPTOP | User Name: FRP | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.22 12:00:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2008.03.29 08:42:20 | 000,159,744 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mmfinfo.dll

MOD - [2008.03.29 08:41:52 | 000,023,552 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mkunicode.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.07.12 16:39:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.06 21:02:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.11 23:03:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.11 23:03:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.22 18:37:17 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011.12.01 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2011.12.01 02:39:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2011.12.01 02:39:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011.10.20 12:21:22 | 000,244,800 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2011.10.20 12:21:20 | 000,105,536 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011.07.12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2011.07.12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2011.06.22 20:32:36 | 000,882,960 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)

SRV - [2011.06.22 19:49:24 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)

SRV - [2011.06.22 19:30:38 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)

SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.05.11 23:03:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.11 23:03:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.12.01 02:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)

DRV - [2011.12.01 02:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2011.08.30 20:52:30 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2011.08.30 20:52:28 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2011.03.29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)

DRV - [2011.03.29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)

DRV - [2010.10.07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)     Intel(R)

DRV - [2010.09.07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2010.06.02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2010.06.02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2010.05.19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search

IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.funmoods.com/?a=make&s={searchTerms}&f=4

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "eBay"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.06 21:02:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.01.22 19:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Extensions

[2012.07.05 10:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions

[2012.06.30 11:06:12 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012.05.17 12:32:45 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.03.17 21:11:30 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\ffxtlbr@funmoods.com

[2012.05.17 12:32:45 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\extensions\ich@maltegoetz.de

[2012.03.17 21:11:04 | 000,001,798 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Mozilla\Firefox\Profiles\rtc7bhtm.default\searchplugins\funmoods.xml

[2012.01.22 18:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.01.22 20:39:28 | 000,434,392 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRP\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RTC7BHTM.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2012.06.23 08:50:42 | 000,109,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRP\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RTC7BHTM.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI

[2012.07.06 21:02:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.14 09:50:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.14 09:50:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.14 09:50:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.14 09:50:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.14 09:50:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.14 09:50:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 21:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Programme\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Programme\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BCABEF6-AF06-489A-B838-877C67C5AD32}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.01.22 17:36:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 10

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.22 12:00:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

[2012.07.16 22:06:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Malwarebytes

[2012.07.16 22:06:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.07.16 22:06:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.07.16 22:06:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.07.16 22:06:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.07.16 22:04:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.07.16 22:01:12 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\FRP\Desktop\mbam-setup-1[1].62.0.1300.exe

[2012.07.15 19:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Funmoods

[2012.07.15 18:33:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Startmenü\Programme\Live Security Platinum

[2012.07.15 18:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287

[2012.07.08 12:01:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Buhl Data Service

[2012.07.08 12:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service

[2012.07.08 12:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Eigene Dateien\Steuer-Sparbuch

[2012.07.08 10:15:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Eigene Dateien\Mein Steuer-Sparbuch Heute

[2012.07.08 10:15:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\Buhl

[2012.07.08 10:14:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WISO Steuer-Sparbuch 2012

[2012.07.08 10:13:07 | 000,000,000 | ---D | C] -- C:\Programme\WISO

[2012.07.08 10:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2012.07.01 18:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FRP\Startmenü\Programme\IrfanView

[2012.07.01 18:47:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.22 12:12:05 | 000,544,064 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.07.22 12:12:05 | 000,495,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.07.22 12:12:05 | 000,110,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.07.22 12:12:05 | 000,084,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.07.22 12:09:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.07.22 12:08:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.07.22 12:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.07.22 12:00:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FRP\Desktop\OTL.exe

[2012.07.18 21:04:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2012.07.18 12:01:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2012.07.18 11:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.07.17 22:30:21 | 000,396,651 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - An das Finanzamt.pdf

[2012.07.17 22:30:21 | 000,203,511 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.$$$

[2012.07.17 22:30:21 | 000,203,511 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12

[2012.07.17 22:30:21 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.lck

[2012.07.17 22:23:40 | 000,000,790 | ---- | M] () -- C:\WINDOWS\wiso.ini

[2012.07.16 22:13:32 | 000,467,726 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - Meine Kopie.pdf

[2012.07.16 22:10:54 | 002,359,350 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Screensot Elster.bmp

[2012.07.16 22:06:16 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.16 22:01:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\FRP\Desktop\mbam-setup-1[1].62.0.1300.exe

[2012.07.16 21:58:37 | 000,000,335 | ---- | M] () -- C:\Dokumente und Einstellungen\FRP\Desktop\FixExe.reg

[2012.07.08 10:29:05 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2012.07.08 10:14:54 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk

[2012.07.08 10:14:54 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2012.lnk

[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.17 22:22:52 | 000,203,511 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.$$$

[2012.07.17 22:22:52 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12.lck

[2012.07.17 22:22:48 | 000,203,511 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria.s12

[2012.07.16 22:13:31 | 000,467,726 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - Meine Kopie.pdf

[2012.07.16 22:12:08 | 000,396,651 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Paschun-Paetke, Petra-Maria - Einkommensteuererklärung - An das Finanzamt.pdf

[2012.07.16 22:10:54 | 002,359,350 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\Screensot Elster.bmp

[2012.07.16 22:06:16 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.16 21:57:57 | 000,000,335 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Desktop\FixExe.reg

[2012.07.08 10:15:16 | 000,000,790 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2012.07.08 10:14:54 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk

[2012.07.08 10:14:54 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2012.lnk

[2012.05.18 23:26:50 | 000,520,056 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2012.03.20 23:11:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.03.17 21:13:42 | 000,198,950 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1960408961-1482476501-839522115-1003-0.dat

[2012.03.17 21:13:41 | 000,198,950 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2012.03.16 22:40:48 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\FRP\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.12 23:31:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2012.02.09 10:48:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.01.22 23:41:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2012.01.22 21:36:15 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2012.01.22 19:54:51 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin

[2012.01.22 19:41:45 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin

[2012.01.22 18:30:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012.01.22 18:29:15 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.01.22 17:37:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012.01.22 17:33:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

 
 ========== LOP Check ==========

 

[2012.07.15 18:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF980000E4183B5E297D7B07D287

[2012.07.08 12:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2012.03.17 21:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake

[2012.03.27 22:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2012.01.22 22:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr

[2012.02.14 22:37:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012.02.14 23:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Amazon

[2012.07.08 12:01:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Buhl Data Service

[2012.07.15 19:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Funmoods

[2012.03.27 22:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Lenovo

[2012.01.22 23:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\PCDr

[2012.02.12 23:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\pdfforge

[2012.01.22 23:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\PwrMgr

[2012.01.22 18:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\TeamViewer

[2012.01.22 22:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Update

[2012.01.22 21:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Windows Desktop Search

[2012.01.22 21:53:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FRP\Anwendungsdaten\Windows Search

[2012.07.08 10:29:05 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.07.18 21:04:45 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2012.07.18 12:01:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2012.01.22 17:40:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2012.01.22 19:55:30 | 000,000,000 | ---D | M] -- C:\DRIVERS

[2012.01.22 19:41:36 | 000,000,000 | ---D | M] -- C:\Intel

[2012.01.22 21:10:45 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012.01.22 19:44:30 | 000,000,000 | ---D | M] -- C:\OSFIXES

[2012.07.16 22:06:14 | 000,000,000 | R--D | M] -- C:\Programme

[2012.01.22 18:42:49 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2012.01.22 20:01:16 | 000,000,000 | ---D | M] -- C:\swtools

[2012.01.22 18:27:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.07.16 22:04:54 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2012.01.22 19:28:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2012.01.22 19:28:25 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2012.01.22 19:28:25 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %USERPROFILE%\*.* >

[2012.07.22 12:06:51 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\FRP\NTUSER.DAT

[2012.07.22 12:12:30 | 000,126,976 | -H-- | M] () -- C:\Dokumente und Einstellungen\FRP\ntuser.dat.LOG

[2012.07.22 12:06:51 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\FRP\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.04.11 15:51:18 | 001,862,400 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 

< End of report >

--- --- ---

und Extras.txt:OTL Logfile:

Code:

OTL Extras logfile created on: 22.07.2012 12:11:41 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\FRP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 87,24% Memory free

3,81 Gb Paging File | 3,74 Gb Available in Paging File | 98,04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 24,41 Gb Total Space | 3,93 Gb Free Space | 16,09% Space Free | Partition Type: NTFS

Drive E: | 50,12 Gb Total Space | 49,63 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

 

Computer Name: FRP-LAPTOP | User Name: FRP | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel(R) PROSet/Wireless WiFi-Software

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"Avira AntiVir Desktop" = Avira Free Antivirus

"CCleaner" = CCleaner

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem

"ENTERPRISE" = Microsoft Office Enterprise 2007

"funmoods" = Funmoods on IE and Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IrfanView" = IrfanView (remove only)

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"OnScreenDisplay" = Anzeige am Bildschirm

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Picasa 3" = Picasa 3

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"PROSet" = Intel(R) Network Connections Drivers

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"TeamViewer 7" = TeamViewer 7

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 1.1.11

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.10 (32-Bit)

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 17.07.2012 16:32:15 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:15 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:16 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 17.07.2012 16:32:16 | Computer Name = FRP-LAPTOP | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:7650)(688) libKernelMode.ServiceManager - Error

 -- 641 Error 0x43c starting service 0: (Error#:1084) : Der Dienst kann nicht im

 abgesicherten Modus gestartet werden. 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libKernelMode.ServiceManager - Error

 -- 563 Service must be started before accessing driver 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libKernelMode.MemDriver - Error 

-- 72 Error reading physical memory: 0x0 

 

Error - 18.07.2012 15:14:06 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:06:9210)(688) libPreEnumOem.SystemEnumerator -

 Error -- 92 SMBIOS total memory size is wrong - accessible physical memory is greater

 than installed memory. Falling back to Microsoft provided memory metric. *** Memory

 Metric Summary *** Total Physical Memory   (Windows) : 2006.22 MB Total Physical 

Memory   (SMBIOS)  : 0.00 MB  

 

Error - 18.07.2012 15:14:07 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:07:4680)(688) CSPinvoke - Error -- 461 Exception

 in C# layer (asapicsharp_wrap.cxx, line 45000; threadid = 812): License authentication

 result = FAIL; reasons = SMBIOS_CHECK Stack Trace: file: Common.dll   instruction 

offset: 000A75A5  file: Asapi.dll   instruction offset: 000826A9  file: Asapi.dll   instruction

 offset: 000867C1  file: ??????????????????U?    instruction offset: 0000A30B  file: ??????????????????U?
 

  instruction offset: 0000AF75  file: ??????????????????U?    instruction offset: 0000AC57
 

file:

 ??????????????????U?    instruction offset: 0000C0BD  file: ??????????????????U?    instruction

 offset: 00004357  file: ??????????????????U?    instruction offset: 0000417B  file: mscorlib.ni.dll
 

  instruction offset: 0022043F  file: mscorlib.ni.dll   instruction offset: 00216F34
 

file:

 mscorwks.dll   instruction offset: 00001B4C  file: mscorwks.dll   instruction offset:

 0001969E  file: mscorwks.dll   instruction offset: 00026D21  file: mscorwks.dll   instruction

 offset: 00026D54  file: mscorwks.dll   instruction offset: 00026D72  file: mscorwks.dll
 

  instruction offset: 0011834F  file: mscorwks.dll   instruction offset: 0002CB0F  file:

 mscorwks.dll   instruction offset: 0002CAAB  file: mscorwks.dll   instruction offset:

 0002C9D1  file: mscorwks.dll   instruction offset: 0002CB5D  file: mscorwks.dll   instruction

 offset: 00118120  file: mscorwks.dll   instruction offset: 001181FA  file: mscorwks.dll
 

  instruction offset: 0009E235  file: KERNEL32.dll   instruction offset: 0000B729  (end

 stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction

 offsets into function names.  

 

Error - 18.07.2012 15:14:09 | Computer Name = FRP-LAPTOP | Source = PC-Doctor | ID = 1

Description = (688) Asapi: (21:14:09:3590)(688) CSPinvoke - Error -- 461 Exception

 in C# layer (asapicsharp_wrap.cxx, line 43806; threadid = 812): License authentication

 result = FAIL; reasons = SMBIOS_CHECK Stack Trace: file: Common.dll   instruction 

offset: 000A75A5  file: Asapi.dll   instruction offset: 000826A9  file: asapicsharp.dll
 

  instruction offset: 0007AFF4  file: ??????????????????U?    instruction offset: 0000282F
 

file:

 ??????????????????U?    instruction offset: 00000528  file: ??????????????????U?    instruction

 offset: 000044A2  file: ??????????????????U?    instruction offset: 0000417B  file: mscorlib.ni.dll
 

  instruction offset: 0022043F  file: mscorlib.ni.dll   instruction offset: 00216F34
 

file:

 mscorwks.dll   instruction offset: 00001B4C  file: mscorwks.dll   instruction offset:

 0001969E  file: mscorwks.dll   instruction offset: 00026D21  file: mscorwks.dll   instruction

 offset: 00026D54  file: mscorwks.dll   instruction offset: 00026D72  file: mscorwks.dll
 

  instruction offset: 0011834F  file: mscorwks.dll   instruction offset: 0002CB0F  file:

 mscorwks.dll   instruction offset: 0002CAAB  file: mscorwks.dll   instruction offset:

 0002C9D1  file: mscorwks.dll   instruction offset: 0002CB5D  file: mscorwks.dll   instruction

 offset: 00118120  file: mscorwks.dll   instruction offset: 001181FA  file: mscorwks.dll
 

  instruction offset: 0009E235  file: KERNEL32.dll   instruction offset: 0000B729  (end

 stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction

 offsets into function names.  

 

[ Lenovo-Lenovo Patch Utility/Admin Events ]

Error - 01.07.2012 12:49:01 | Computer Name = FRP-LAPTOP | Source = Lenovo Patch Utility | ID = 1

Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml".

 Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.

 

[ OSession Events ]

Error - 17.05.2012 03:18:03 | Computer Name = FRP-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 85

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 17.05.2012 03:19:34 | Computer Name = FRP-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 18.07.2012 15:09:23 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 18.07.2012 15:10:34 | Computer Name = FRP-LAPTOP | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ANC  avipbb  avkmgr  Fips  IBMTPCHK  intelppm  lenovo.smi  ssmdrv  TPHKDRV  TPPWRIF

 

Error - 18.07.2012 15:12:01 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "BITS"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 20.07.2012 11:09:02 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 20.07.2012 18:19:12 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 20.07.2012 18:25:37 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 21.07.2012 00:01:41 | Computer Name = FRP-LAPTOP | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3C4BA4CD zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 22.07.2012 06:06:50 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 22.07.2012 06:08:30 | Computer Name = FRP-LAPTOP | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 22.07.2012 06:09:41 | Computer Name = FRP-LAPTOP | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ANC  avipbb  avkmgr  Fips  IBMTPCHK  intelppm  lenovo.smi  ssmdrv  TPHKDRV  TPPWRIF

 

 

< End of report >

--- --- ---

Weiss man hierdurch eigentlich auch, wo/wie man sich den Trojaner geholt hat?

Danke für Deine Hilfe!

Viele Grüße,

FRP