Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben (https://www.trojaner-board.de/121732-fund-tr-atraps-gen2-bds-zaccess-t-v-avira-beheben.html)

Kalinewirsch 10.08.2012 14:29

Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben
 
Hallo,
ich habe folgende Hinweise auf gefährliche Funde erhalten und bitte um Hilfe.
Leider habt ihr es mit einem ziemlich ahnungslosen Anwender zu tun.

Begonnen hat das Problem mit den ständigen Hinweisen von Avira auf einen Fund TR/ATRAPS.Gen2 sowie BDS/ZAccess.T und aktuell BDS/ZAccess.v die sich nicht in Quaratäne verschieben ließen.

Meine bisherigen Recherchen hierzu lauteten auf System neu aufsetzen.
Da ich das nicht einfach so verstehe und mir auch nicht genau vorstellen kann wie ich die vorhandenen Daten und Programme erhalte oder wiederherstelle benötige ich weitergehende Hilfe, wenn das möglich ist.

Hier nun das Ergebnis nach dem Anti Malware scan.

Vielen Dank schon mal.
Kalinewirsch

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LENOVO-6E136213 [Administrator]

Schutz: Aktiviert

10.08.2012 14:55:03
mbam-log-2012-08-10 (14-55-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191022
Laufzeit: 14 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\n.) Gut: (wbemess.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32\rundll32.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32\svchost.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kalinewirsch 14.08.2012 21:49

Hallo Zusammen,
inzwischen habe ich auch die Anleitung zu Ende gelesen, Entschuldigung!

Die Anhänge habe ich an diese Antwort gehängt.

Bitte schaut doch, ob ihr helfen könnt.

Vielen Dank

cosinus 17.08.2012 17:06

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Kalinewirsch 18.08.2012 12:27

Hallo Cosinus,
danke für deine Antwort. Zunächst die logs der Scans mit Malwarebytes.
Dann versuche ich deiner Anleitung weiter zu folgen.
Bis dahin schöne Grüße

cosinus 18.08.2012 14:11

Die Logs solltest du nicht als Anhang posten, sondern hier direkt in den Beitrag in CODE-Tags

Kalinewirsch 19.08.2012 21:18

Hallo Cosinus,
tut mir leid, ich hatte da nicht richtig verstanden.

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LENOVO-6E136213 [Administrator]

Schutz: Aktiviert

18.08.2012 08:54:37
mbam-log-2012-08-18 (08-54-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276170
Laufzeit: 2 Stunde(n), 58 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Programme\Lenovo\System Update\session\tvsutemp\tvtrnr42_1016hk\localecode.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\Lenovo\System Update\session\tvsutemp\tvtrnr42_1016tc\localecode.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP111\A0038432.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP113\A0038810.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LENOVO-6E136213 [Administrator]

Schutz: Aktiviert

18.08.2012 08:54:37
mbam-log-2012-08-18 (08-54-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276170
Laufzeit: 2 Stunde(n), 58 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Programme\Lenovo\System Update\session\tvsutemp\tvtrnr42_1016hk\localecode.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\Lenovo\System Update\session\tvsutemp\tvtrnr42_1016tc\localecode.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP111\A0038432.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP113\A0038810.exe (Trojan.Phex.THAGen3) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c84be3ffb0195647bf1584bb53a6fff9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 03:59:16
# local_time=2012-08-18 05:59:16 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 7082152 7082152 0 0
# compatibility_mode=8192 67108863 100 0 441 441 0 0
# scanned=88001
# found=2
# cleaned=0
# scan_time=15563
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SKLP5CSJ\main[1].htm        JS/Kryptik.RK Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\U\80000000.@        Variante von Win32/Sirefef.FA Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I

Also nochmals vielen Dank für deine Unterstützung.

cosinus 20.08.2012 21:38

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Kalinewirsch 21.08.2012 21:13

Hallo Cosinus,

die Datei des ADW Cleaner Suchlaufs hänge ich an.


Code:

AdwCleaner v1.801 - Logfile created 08/21/2012 at 22:07:26
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LENOVO-6E136213
# Boot Mode : Normal
# Running from : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Programme\Ask.com
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2726 octets] - [21/08/2012 22:07:26]

########## EOF - C:\AdwCleaner[R1].txt - [2854 octets] ##########

Bin auf die Antwort und die Lösung meines Problemes gespannt.
Vielen Dank schon mal und bis bald

cosinus 30.08.2012 12:42

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Kalinewirsch 31.08.2012 21:25

Hallo Cosinus,
die Logdatei des AdwCleaners:
Code:

# AdwCleaner v2.000 - Datei am 08/31/2012 um 22:05:19 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - LENOVO-6E136213
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [3471 octets] - [31/08/2012 22:05:19]

########## EOF - C:\AdwCleaner[S1].txt - [3531 octets] ##########

Wie geht es weiter?
Schöne Grüße

cosinus 01.09.2012 10:26

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Kalinewirsch 01.09.2012 20:57

Hallo Cosinus,
es fehlt anscheinend kein Programm. Was meinst mit "der normale Modus von Windows"
Ich hatte keinerlei Einschränkungen bei dem "Befall". Es gab sichtbar lediglich die ständige Meldung von Avira. Avira war allerdings nicht in der Lage den Fund in Quarantäne zu verschieben. Alle Infos die ich zu der Meldung passend gefunden hatten waren umfangreiche Warnungen.
Es waren allerdings mehrmalige Neustarts erforderlich, weil sich die "Maus" immer aufgehängt hat also unbeweglich war. Das scheint wieder ok zu sein. (Zufall?)
Kannst du mir sagen was los ist oder war? Ist jetzt alles erledigt?
Vielen Dank und schöne Grüße

cosinus 03.09.2012 15:45

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Kalinewirsch 04.09.2012 21:35

Hallo Cosinus, die .txt:
Code:

OTL logfile created on: 04.09.2012 21:54:10 - Run 2
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 347,34 Mb Available Physical Memory | 34,24% Memory free
2,38 Gb Paging File | 1,71 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,99 Gb Total Space | 32,04 Gb Free Space | 47,12% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-6E136213 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 21:51:25 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.08.08 15:26:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.28 13:01:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2012.05.03 13:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.04.16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.20 11:28:16 | 001,200,128 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2007.12.06 18:22:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.12.06 18:22:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.08.03 15:52:06 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll
MOD - [2007.04.16 11:17:32 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.03.30 07:41:34 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2007.02.27 17:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll
MOD - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.12.24 16:10:30 | 000,028,672 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
MOD - [2004.12.13 17:29:22 | 000,118,784 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.30 12:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.12.06 18:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.11.29 20:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.10.25 07:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.10.16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.08.08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.05.22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.03.29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.dw-westfalen.de/conf.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.dw-westfalen.de/conf.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokume

Schöne Grüße

cosinus 05.09.2012 13:12

Log ist unvollständig

Kalinewirsch 05.09.2012 22:24

hatte ich übersehen:
Code:

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.30 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 09:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions
[2011.12.25 21:48:02 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\11-suche.xml
[2011.12.25 21:48:02 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\englische-ergebnisse.xml
[2011.12.25 21:48:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\gmx-suche.xml
[2011.12.25 21:48:02 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\lastminute.xml
[2011.12.25 21:48:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\webde-suche.xml
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.25 10:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 12:36:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.11 11:35:48 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\mozilla firefox\components\nppl3260.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:36:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4F18D-162D-4C73-A5D0-CCC6DE4A966D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.18 13:34:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.08.12 13:25:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.08.12 13:25:56 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.08.10 15:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.08.10 14:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.10 14:52:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.10 14:52:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.10 14:52:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 21:30:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.04 21:29:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.04 21:29:42 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.09.04 21:28:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.09.04 21:25:50 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.09.04 21:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.04 21:25:18 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.02 21:58:06 | 000,520,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.02 21:58:06 | 000,491,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.02 21:58:06 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.02 21:58:05 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.01 22:48:39 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2012.09.01 21:51:57 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012.08.24 20:27:59 | 000,648,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 13:03:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.08.20 12:31:28 | 000,712,291 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.12 13:32:13 | 000,025,955 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Desktop.zip
[2012.08.10 15:35:04 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.08.10 14:52:28 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.24 20:27:46 | 000,648,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 12:31:20 | 000,712,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.12 13:32:13 | 000,025,955 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Desktop.zip
[2012.08.10 15:35:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.08.10 14:52:28 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.06 13:10:59 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\U\80000000.@
[2012.02.17 23:41:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.27 23:31:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.12.16 20:25:55 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 19:44:13 | 000,113,618 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.10.07 19:44:13 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
 
========== LOP Check ==========
 
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.02.19 13:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011.12.27 23:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.12.03 21:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.05.28 14:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma
[2008.05.29 15:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.05.29 15:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2011.10.30 22:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.25 17:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.05.29 15:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2008.05.29 15:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.25 17:24:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2012.09.04 21:30:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.27 14:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.05.28 14:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.11.27 22:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HP
[2012.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HpUpdate
[2008.05.29 22:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 14:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2011.10.07 18:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2011.12.05 22:31:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.04.13 20:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MathematicaPlayer
[2012.07.06 01:09:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2011.12.11 12:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2012.05.23 23:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Corporation
[2011.09.22 09:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.11.25 17:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.26 11:53:48 | 000,023,552 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\exeVideoPlayer.exe
[2012.03.26 11:53:50 | 007,340,056 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\IGO8.EXE
[2012.03.26 12:02:54 | 000,152,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\NNGStart\NNGStart.exe
[2012.05.28 22:15:59 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.04.03 12:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.03.14 22:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 19:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

Viele Grüße

cosinus 06.09.2012 14:33

Passt das Log nicht in ein Stück in den Beitrag?

Kalinewirsch 06.09.2012 20:21

Ja, schein alles zu passen:


Code:

OTL logfile created on: 04.09.2012 21:54:10 - Run 2
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 347,34 Mb Available Physical Memory | 34,24% Memory free
2,38 Gb Paging File | 1,71 Gb Available in Paging File | 71,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,99 Gb Total Space | 32,04 Gb Free Space | 47,12% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-6E136213 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 21:51:25 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.08.08 15:26:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.28 13:01:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2012.05.03 13:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.04.16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.20 11:28:16 | 001,200,128 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2007.12.06 18:22:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.12.06 18:22:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.08.03 15:52:06 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll
MOD - [2007.04.16 11:17:32 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.03.30 07:41:34 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2007.02.27 17:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll
MOD - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.12.24 16:10:30 | 000,028,672 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
MOD - [2004.12.13 17:29:22 | 000,118,784 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.30 12:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.12.06 18:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.11.29 20:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.10.25 07:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.10.16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.08.08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.05.22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.03.29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.dw-westfalen.de/conf.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.dw-westfalen.de/conf.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.30 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 09:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions
[2011.12.25 21:48:02 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\11-suche.xml
[2011.12.25 21:48:02 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\englische-ergebnisse.xml
[2011.12.25 21:48:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\gmx-suche.xml
[2011.12.25 21:48:02 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\lastminute.xml
[2011.12.25 21:48:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\webde-suche.xml
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.25 10:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 12:36:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.11 11:35:48 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\mozilla firefox\components\nppl3260.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:36:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4F18D-162D-4C73-A5D0-CCC6DE4A966D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.18 13:34:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.08.12 13:25:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.08.12 13:25:56 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.08.10 15:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.08.10 14:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.10 14:52:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.10 14:52:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.10 14:52:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 21:30:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.04 21:29:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.04 21:29:42 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.09.04 21:28:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.09.04 21:25:50 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.09.04 21:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.04 21:25:18 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.02 21:58:06 | 000,520,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.02 21:58:06 | 000,491,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.02 21:58:06 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.02 21:58:05 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.01 22:48:39 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2012.09.01 21:51:57 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012.08.24 20:27:59 | 000,648,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 13:03:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.08.20 12:31:28 | 000,712,291 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.12 13:32:13 | 000,025,955 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Desktop.zip
[2012.08.10 15:35:04 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.08.10 14:52:28 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.24 20:27:46 | 000,648,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 12:31:20 | 000,712,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.12 13:32:13 | 000,025,955 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Desktop.zip
[2012.08.10 15:35:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.08.10 14:52:28 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.06 13:10:59 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\U\80000000.@
[2012.02.17 23:41:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.27 23:31:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.12.16 20:25:55 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 19:44:13 | 000,113,618 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.10.07 19:44:13 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
 
========== LOP Check ==========
 
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.02.19 13:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011.12.27 23:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.12.03 21:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.05.28 14:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma
[2008.05.29 15:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.05.29 15:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2011.10.30 22:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.25 17:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.05.29 15:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2008.05.29 15:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.25 17:24:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2012.09.04 21:30:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.27 14:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.05.28 14:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.11.27 22:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HP
[2012.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HpUpdate
[2008.05.29 22:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 14:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2011.10.07 18:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2011.12.05 22:31:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.04.13 20:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MathematicaPlayer
[2012.07.06 01:09:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2011.12.11 12:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2012.05.23 23:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Corporation
[2011.09.22 09:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.11.25 17:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.26 11:53:48 | 000,023,552 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\exeVideoPlayer.exe
[2012.03.26 11:53:50 | 007,340,056 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\IGO8.EXE
[2012.03.26 12:02:54 | 000,152,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\NNGStart\NNGStart.exe
[2012.05.28 22:15:59 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.04.03 12:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.03.14 22:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 19:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 07.09.2012 08:10

Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Kalinewirsch 07.09.2012 18:37

Hallo,
die ADW.txt:
Code:

# AdwCleaner v2.000 - Datei am 09/07/2012 um 19:33:41 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - LENOVO-6E136213
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3600 octets] - [31/08/2012 22:05:19]
AdwCleaner[R1].txt - [689 octets] - [07/09/2012 19:33:41]

########## EOF - C:\AdwCleaner[R1].txt - [748 octets] ##########

Schöne Grüße

cosinus 10.09.2012 14:02

Sry aber :o vom adwcleaner gibt es wieder neue Version ;)
Bitte neu runterladen und den Suchlauf nochmal machen :)

Kalinewirsch 10.09.2012 21:20

eine neue Version 2.001
Code:

# AdwCleaner v2.001 - Datei am 09/10/2012 um 22:13:05 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - LENOVO-6E136213
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3600 octets] - [31/08/2012 22:05:19]
AdwCleaner[R1].txt - [816 octets] - [07/09/2012 19:33:41]
AdwCleaner[R1] 2012-09-07.txt - [816 octets] - [07/09/2012 19:34:12]
AdwCleaner[R2].txt - [813 octets] - [10/09/2012 22:13:05]

########## EOF - C:\AdwCleaner[R2].txt - [872 octets] ##########

Schöne Grüße

cosinus 10.09.2012 22:06

Hm es hat nichts gefunden

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Kalinewirsch 11.09.2012 22:34

Hallo und guten Abend,

Code:

OTL logfile created on: 11.09.2012 22:49:48 - Run 3
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 404,72 Mb Available Physical Memory | 39,90% Memory free
2,38 Gb Paging File | 1,76 Gb Available in Paging File | 73,97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,99 Gb Total Space | 31,93 Gb Free Space | 46,97% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-6E136213 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.11 22:45:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.08.08 15:26:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.28 13:01:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2012.05.03 13:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.04.16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.20 11:28:16 | 001,200,128 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 22:23:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.05.13 00:59:11 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.12 16:57:15 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.12 16:54:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.12 16:54:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.05.29 14:49:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007.12.06 18:22:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.12.06 18:22:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.08.03 15:52:06 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll
MOD - [2007.04.16 11:17:32 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.03.30 07:41:34 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2007.02.27 17:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll
MOD - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.12.24 16:10:30 | 000,028,672 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
MOD - [2004.12.13 17:29:22 | 000,118,784 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.30 12:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.12.06 18:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.11.29 20:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.10.25 07:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.10.16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.08.08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.05.22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.03.29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.dw-westfalen.de/conf.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.dw-westfalen.de/conf.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.30 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 09:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions
[2012.07.17 17:15:09 | 000,016,228 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\support@startxxl.com.xpi
[2012.08.30 09:32:01 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\toolbar@web.de.xpi
[2012.08.16 23:07:14 | 000,061,403 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.07.29 22:37:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.25 21:48:02 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\11-suche.xml
[2011.12.25 21:48:02 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\englische-ergebnisse.xml
[2011.12.25 21:48:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\gmx-suche.xml
[2011.12.25 21:48:02 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\lastminute.xml
[2011.12.25 21:48:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\webde-suche.xml
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.25 10:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 12:36:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.11 11:35:48 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\mozilla firefox\components\nppl3260.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:36:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4F18D-162D-4C73-A5D0-CCC6DE4A966D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.18 13:34:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 22:34:40 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.09.11 22:30:43 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.11 22:30:32 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.11 22:30:23 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.09.11 22:28:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.09.11 22:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.11 22:27:34 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 21:54:37 | 000,491,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.08 21:54:36 | 000,520,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.08 21:54:36 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.08 21:54:35 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.01 22:48:39 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2012.09.01 21:51:57 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012.08.24 20:27:59 | 000,648,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 13:03:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.08.20 12:31:28 | 000,712,291 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.24 20:27:46 | 000,648,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 12:31:20 | 000,712,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.10 15:35:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.07.06 13:10:59 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\U\80000000.@
[2012.02.17 23:41:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.27 23:31:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.12.16 20:25:55 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 19:44:13 | 000,113,618 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.10.07 19:44:13 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
 
========== LOP Check ==========
 
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.02.19 13:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011.12.27 23:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.12.03 21:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.05.28 14:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma
[2008.05.29 15:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.05.29 15:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2011.10.30 22:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.25 17:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.05.29 15:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2008.05.29 15:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.25 17:24:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2012.09.11 22:30:43 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.27 14:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.05.28 14:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.11.27 22:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HP
[2012.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HpUpdate
[2008.05.29 22:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 14:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2011.10.07 18:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2011.12.05 22:31:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.04.13 20:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MathematicaPlayer
[2012.07.06 01:09:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2011.12.11 12:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2012.05.23 23:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Corporation
[2011.09.22 09:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.11.25 17:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.26 11:53:48 | 000,023,552 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\exeVideoPlayer.exe
[2012.03.26 11:53:50 | 007,340,056 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\IGO8.EXE
[2012.03.26 12:02:54 | 000,152,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\NNGStart\NNGStart.exe
[2012.05.28 22:15:59 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.04.03 12:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.03.14 22:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 19:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >

Schöne Grüße

cosinus 12.09.2012 00:10

Wieso ist denn da schon wieder Müll von Ask drin?
Hast du AntiVir neu installiert?

Kalinewirsch 12.09.2012 19:18

Hallo Cosinus,
Antivis scheint sich immer selbst zu aktualisieren. Jetzt erhielt ich die Meldung, dass ich die Avira Toolbar aktualisieren solle. Das habe ich nicht gemacht. Es ist ein Echtzeitscanner aktiviert. Muss ich daran etwas ändern?
Ich blicke nicht mehr durch. Ist denn Antivir das Problem?
Wie geht es weiter? Schö Grüße

cosinus 12.09.2012 20:59

Genau diese dämliche Toolbar sollst du nicht mehr installieren. Dann ist auch Schluss mit dem Ask-Tinnef

Also nochmal adwCleaner ausführen und alles löschen ;)

Kalinewirsch 14.09.2012 19:49

Hallo, ich hab noch nicht ganz verstanden. Gibt es eine Alternative zu Avira? Solange Avira benutzt wird scheint sich diese "Toolbar" immer wieder selbständig zu aktivieren, zumindest mit jedem update.
Und noch eine Frage: Ist der Computer nun wieder Malwarefrei???
Vielen Dank schon mal für eine verständliche Antwort.

cosinus 14.09.2012 23:01

Ja, da gibt es zB Avast oder MSE als Alternativen

Wenn du umsteigen willst, dann deinstalliere AntIVir und nimm entweder Avast oder MSE. Mach dann wieder wie o.g. ein neues OTL-Log (OTL bitte wieder neu runterladen)

Kalinewirsch 15.09.2012 23:45

Hallo,
nun habe ich avira deinstalliert. Avast installiert. Dann OTL ausgeführt:
Code:

OTL logfile created on: 16.09.2012 00:04:23 - Run 4
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 389,26 Mb Available Physical Memory | 38,37% Memory free
2,38 Gb Paging File | 1,87 Gb Available in Paging File | 78,25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,99 Gb Total Space | 32,94 Gb Free Space | 48,45% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-6E136213 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 00:02:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.05.28 13:01:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2012.05.03 13:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.04.16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.02.08 12:55:44 | 000,057,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\launcheg.exe
PRC - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.20 11:28:16 | 001,200,128 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.15 13:23:31 | 001,810,432 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091500\algo.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2007.12.06 18:22:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.12.06 18:22:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.08.03 15:52:06 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll
MOD - [2007.04.16 11:17:32 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.03.30 07:41:34 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2007.02.27 17:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll
MOD - [2007.02.08 12:55:44 | 000,057,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\launcheg.exe
MOD - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.12.24 16:10:30 | 000,028,672 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
MOD - [2004.12.13 17:29:22 | 000,118,784 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 12:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.12.06 18:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.11.29 20:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.10.25 07:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.10.16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.08.08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.05.22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.03.29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.dw-westfalen.de/conf.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.dw-westfalen.de/conf.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.30 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.15 22:28:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 09:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions
[2012.07.17 17:15:09 | 000,016,228 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\support@startxxl.com.xpi
[2012.08.30 09:32:01 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\toolbar@web.de.xpi
[2012.08.16 23:07:14 | 000,061,403 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.07.29 22:37:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.25 21:48:02 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\11-suche.xml
[2011.12.25 21:48:02 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\englische-ergebnisse.xml
[2011.12.25 21:48:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\gmx-suche.xml
[2011.12.25 21:48:02 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\lastminute.xml
[2011.12.25 21:48:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\webde-suche.xml
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.25 10:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 12:36:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.11 11:35:48 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\mozilla firefox\components\nppl3260.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:36:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4F18D-162D-4C73-A5D0-CCC6DE4A966D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 22:38:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.15 22:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.15 22:31:14 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.15 22:31:14 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.15 22:31:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.15 22:31:06 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.15 22:31:05 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.15 22:31:02 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.15 22:31:02 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.15 22:31:01 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.15 22:28:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.15 22:27:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.15 22:24:03 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.15 22:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.08.18 13:34:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 23:44:16 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 23:33:51 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.15 23:33:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.15 23:33:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.15 23:32:44 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.09.15 23:32:22 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 23:30:53 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.09.15 23:28:19 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.09.15 23:27:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.15 23:27:40 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 22:38:28 | 000,001,784 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.15 22:31:15 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.15 22:31:03 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.14 22:22:42 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.12 20:14:39 | 000,000,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Private Nachrichten.URL
[2012.09.12 11:31:41 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012.09.08 21:54:37 | 000,491,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.08 21:54:36 | 000,520,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.08 21:54:36 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.08 21:54:35 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.01 22:48:39 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2012.08.24 20:27:59 | 000,648,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.08.20 13:03:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.08.20 12:31:28 | 000,712,291 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.15 22:38:28 | 000,001,784 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.15 22:31:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 22:31:40 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 22:31:15 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.15 22:31:04 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.12 20:14:39 | 000,000,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Private Nachrichten.URL
[2012.08.24 20:27:46 | 000,648,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 12:31:20 | 000,712,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.10 15:35:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.02.17 23:41:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.27 23:31:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.12.16 20:25:55 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 19:44:13 | 000,113,618 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.10.07 19:44:13 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
 
========== LOP Check ==========
 
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.09.15 22:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.02.19 13:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011.12.27 23:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.12.03 21:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.05.28 14:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma
[2008.05.29 15:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.05.29 15:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2011.10.30 22:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.25 17:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.05.29 15:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2008.05.29 15:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.25 17:24:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2012.09.15 23:33:51 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.09.15 23:33:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 

< End of report >

In der Malwarebyte Quarantäne liegen meine ursprünglichen Trojaner oder ..."was auch immer".

Wie geht es nun weiter?

cosinus 16.09.2012 18:25

Das war kein CustomScan! Warum machst du es anders?! Es wurde doch ständig die Anleitung zu einem CustomScan gepostet :(

Zitat:

In der Malwarebyte Quarantäne liegen meine ursprünglichen Trojaner oder ..."was auch immer".
Was habt ihr alle immer nur mit der Quarantäne? :wtf:
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Kalinewirsch 16.09.2012 22:05

Hallo, hier ist der scan:
Code:

OTL logfile created on: 16.09.2012 22:06:38 - Run 5
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 380,28 Mb Available Physical Memory | 37,49% Memory free
2,38 Gb Paging File | 1,86 Gb Available in Paging File | 78,16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 67,99 Gb Total Space | 32,70 Gb Free Space | 48,09% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-6E136213 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 00:02:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.05.28 13:01:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2012.05.03 13:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.07.05 15:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.07.05 14:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.07.05 14:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.04.16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.20 11:28:16 | 001,200,128 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.16 10:05:08 | 001,810,432 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091600\algo.dll
MOD - [2012.09.15 13:23:31 | 001,810,432 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091500\algo.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2007.12.06 18:22:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007.12.06 18:22:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2007.08.03 15:52:06 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll
MOD - [2007.04.16 11:17:32 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.03.30 07:41:34 | 001,167,360 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2007.02.27 17:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007.02.08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007.02.08 12:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll
MOD - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.12.24 16:10:30 | 000,028,672 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
MOD - [2004.12.13 17:29:22 | 000,118,784 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 12:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.03 13:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.05.03 13:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.23 12:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.08.03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.05 15:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.07.05 15:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.02.27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.02.08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.02.08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010.06.02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010.06.02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.12.06 18:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007.11.29 20:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.10.25 07:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007.10.16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007.08.08 13:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.05.22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.04.30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007.03.29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007.02.27 11:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.24 11:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.12.16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.dw-westfalen.de/conf.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.dw-westfalen.de/conf.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.10.30 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 13:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.15 22:28:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 12:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 09:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions
[2012.07.17 17:15:09 | 000,016,228 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\support@startxxl.com.xpi
[2012.08.30 09:32:01 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\toolbar@web.de.xpi
[2012.08.16 23:07:14 | 000,061,403 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.07.29 22:37:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.25 21:48:02 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\11-suche.xml
[2011.12.25 21:48:02 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\englische-ergebnisse.xml
[2011.12.25 21:48:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\gmx-suche.xml
[2011.12.25 21:48:02 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\lastminute.xml
[2011.12.25 21:48:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\searchplugins\webde-suche.xml
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 20:54:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.11.25 10:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.08.30 12:36:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.11 11:35:48 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\mozilla firefox\components\nppl3260.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:36:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC4F18D-162D-4C73-A5D0-CCC6DE4A966D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 22:38:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.09.15 22:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.09.15 22:31:14 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.09.15 22:31:14 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.09.15 22:31:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.09.15 22:31:06 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.09.15 22:31:05 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.09.15 22:31:02 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.09.15 22:31:02 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.09.15 22:31:01 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.09.15 22:28:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.09.15 22:27:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.09.15 22:24:03 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.09.15 22:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.08.18 13:34:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 22:31:14 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.16 21:44:37 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 21:41:25 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk
[2012.09.16 21:35:44 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.09.16 21:35:03 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.16 21:35:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.09.16 21:34:54 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 21:33:11 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012.09.16 21:31:37 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012.09.16 21:31:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.16 21:31:26 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 22:38:28 | 000,001,784 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.15 22:31:15 | 000,001,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.15 22:31:03 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.14 22:22:42 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.12 20:14:39 | 000,000,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Private Nachrichten.URL
[2012.09.12 11:31:41 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012.09.08 21:54:37 | 000,491,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.08 21:54:36 | 000,520,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.08 21:54:36 | 000,090,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.08 21:54:35 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.24 20:27:59 | 000,648,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.08.20 13:03:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
[2012.08.20 12:31:28 | 000,712,291 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.15 22:38:28 | 000,001,784 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.15 22:31:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 22:31:40 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 22:31:15 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.09.15 22:31:04 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.09.12 20:14:39 | 000,000,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Private Nachrichten.URL
[2012.08.24 20:27:46 | 000,648,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ADFC_TOUR_HWI_Neukloster.pdf
[2012.08.20 12:31:20 | 000,712,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klausur_IRUFS_WS_11-12_Moodle.pdf
[2012.08.10 15:35:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2012.02.17 23:41:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.27 23:31:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2011.12.16 20:25:55 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 19:44:13 | 000,113,618 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011.10.07 19:44:13 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}\@
 
========== LOP Check ==========
 
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.09.15 22:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.02.19 13:30:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011.12.27 23:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.12.03 21:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2012.05.28 14:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma
[2008.05.29 15:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.05.29 15:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2011.10.30 22:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.25 17:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.05.29 15:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2008.05.29 15:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.25 17:24:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2012.09.16 22:31:14 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012.09.16 21:35:44 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.27 14:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.06.18 19:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon
[2012.03.26 11:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker
[2011.11.27 22:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HP
[2012.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HpUpdate
[2008.05.29 22:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.28 16:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Image Zone Express
[2008.05.29 14:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
[2011.10.07 18:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2008.05.29 15:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2011.12.05 22:31:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.08.10 14:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.04.13 20:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MathematicaPlayer
[2012.07.06 01:09:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.10.07 18:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.06.23 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2011.12.11 12:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2012.06.01 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2012.05.23 23:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Corporation
[2011.09.22 09:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2011.10.30 22:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Swiss Academic Software
[2012.08.10 15:12:17 | 000,000,000 | RHSD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\System32
[2011.11.25 17:30:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.11.25 17:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.26 11:53:48 | 000,023,552 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\exeVideoPlayer.exe
[2012.03.26 11:53:50 | 007,340,056 | ---- | M] (Nav N Go Kft.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\iGO8\IGO8.EXE
[2012.03.26 12:02:54 | 000,152,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\becker\backup\CK-HLEM-NNKR-G66W-A8QZ\3181703\drive0\NNGStart\NNGStart.exe
[2012.05.28 22:15:59 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.04.03 12:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.03.14 22:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007.02.12 06:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007.02.12 19:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >


cosinus 17.09.2012 11:40

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL
FF - user.js - File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c250801f-5c31-482c-89f6-219c953482d9&apn_ptnrs=%5EABT&apn_sauid=EBD87735-905E-4227-8D9B-4BA1F3C02159&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 2
[2012.08.30 09:32:01 | 000,518,756 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\extensions\toolbar@web.de.xpi
O4 - HKLM..\Run: []  File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654445409-3643727936-2709279435-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Files
C:\WINDOWS\Installer\{5fbfaf52-88c9-271c-da90-34e44d37be18}
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{5fbfaf52-88c9-271c-da90-34e44d37be18}
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kalinewirsch 19.09.2012 20:36

Hallo Cosinus,
habe alles wie beschrieben gemacht ...
das funktionierte anscheinend nicht. Nachdem ich OTL Fix gestartet hatte erschien ein Hinweis, "killing prozess, do not interupt" am unteren Rand von OTL

Dann geschah aber nichts mehr.

Ich habe den Computer die Nacht über so belassen und heute morgen unverrichteter Dinge ausgeschaltet. Eine Bedienung mit der Maus was nicht möglich.

cosinus 20.09.2012 11:31

Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.

Kalinewirsch 21.09.2012 18:21

UUUUUPS,
OTL Fix im abgesicherten Modus mit Netzwerktreibern hat funktioniert. Nach dem Neustart
wurde ein logfile angezeigt. Leider hängte sich der Computer auf. Nichts ging mehr. Seit dem zweiten Neustart war die txt nicht mehr auffindbar.

Kann ich das noch irgendwo finden?
Was kommt nun?

Danke für Rat, Hilfe und Geduld

cosinus 21.09.2012 21:24

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Kalinewirsch 22.09.2012 21:12

Hallo Cosinus,
die zip "moved files" ist wie beschrieben hochgeladen.

... und weiter gehts?

cosinus 23.09.2012 16:13

Ich seh dort leider keine Datei von dir. Welche Größe hat deine ZIP-Datei?
Wenn sie zu groß ist bitte hier hochladen => File-Upload.net - Ihr kostenloser File Hoster! und den Downloadlink posten

Kalinewirsch 23.09.2012 19:00

19,89 MB - MovedFiles.zip

File-Upload.net - MovedFiles.zip

Hoffe es ist nun ok...?

cosinus 23.09.2012 19:33

Den Link posten, nicht die Beschreibung!

Kalinewirsch 23.09.2012 19:56

File-Upload.net - MovedFiles.zip

cosinus 23.09.2012 19:56

Das ist immer noch kein Link :(

Kalinewirsch 23.09.2012 19:57

Code:

hxxp://www.file-upload.net/download-4817167/MovedFiles.zip.html

cosinus 23.09.2012 20:00

Danke! Das ist ein Link! :D

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Kalinewirsch 23.09.2012 20:53

Code:

21:45:43.0984 5052  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:45:44.0015 5052  ============================================================
21:45:44.0015 5052  Current date / time: 2012/09/23 21:45:44.0015
21:45:44.0015 5052  SystemInfo:
21:45:44.0015 5052 
21:45:44.0015 5052  OS Version: 5.1.2600 ServicePack: 3.0
21:45:44.0015 5052  Product type: Workstation
21:45:44.0015 5052  ComputerName: LENOVO-6E136213
21:45:44.0015 5052  UserName: Administrator
21:45:44.0015 5052  Windows directory: C:\WINDOWS
21:45:44.0015 5052  System windows directory: C:\WINDOWS
21:45:44.0015 5052  Processor architecture: Intel x86
21:45:44.0015 5052  Number of processors: 2
21:45:44.0015 5052  Page size: 0x1000
21:45:44.0015 5052  Boot type: Normal boot
21:45:44.0015 5052  ============================================================
21:45:46.0250 5052  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:45:46.0250 5052  ============================================================
21:45:46.0250 5052  \Device\Harddisk0\DR0:
21:45:46.0250 5052  MBR partitions:
21:45:46.0250 5052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x87F9F21
21:45:46.0250 5052  ============================================================
21:45:46.0296 5052  C: <-> \Device\Harddisk0\DR0\Partition1
21:45:46.0296 5052  ============================================================
21:45:46.0296 5052  Initialize success
21:45:46.0296 5052  ============================================================
21:46:16.0312 4128  ============================================================
21:46:16.0312 4128  Scan started
21:46:16.0312 4128  Mode: Manual; SigCheck; TDLFS;
21:46:16.0312 4128  ============================================================
21:46:16.0609 4128  ================ Scan system memory ========================
21:46:16.0625 4128  System memory - ok
21:46:16.0625 4128  ================ Scan services =============================
21:46:17.0187 4128  [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
21:46:17.0421 4128  Aavmker4 - ok
21:46:17.0421 4128  Abiosdsk - ok
21:46:17.0468 4128  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:46:17.0781 4128  abp480n5 - ok
21:46:17.0843 4128  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
21:46:18.0031 4128  ac97intc - ok
21:46:18.0171 4128  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:46:18.0406 4128  ACPI - ok
21:46:18.0421 4128  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:46:18.0593 4128  ACPIEC - ok
21:46:18.0812 4128  [ AC83DA08B02BC2AC4F9920523275BB0F ] AcPrfMgrSvc    C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:46:18.0843 4128  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
21:46:18.0843 4128  AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
21:46:18.0953 4128  [ F0DFCAB03CC9C71137D00C17FEB08873 ] AcSvc          C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
21:46:19.0078 4128  AcSvc ( UnsignedFile.Multi.Generic ) - warning
21:46:19.0078 4128  AcSvc - detected UnsignedFile.Multi.Generic (1)
21:46:19.0296 4128  [ D537F3D03C6301FEFA21F3EEE8CC82D8 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:46:19.0500 4128  ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
21:46:19.0500 4128  ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
21:46:19.0593 4128  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:46:19.0859 4128  adpu160m - ok
21:46:19.0921 4128  [ 860DF7676869CD8690CB2B23AB6DE66A ] AEAudio        C:\WINDOWS\system32\drivers\AEAudio.sys
21:46:20.0000 4128  AEAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:20.0000 4128  AEAudio - detected UnsignedFile.Multi.Generic (1)
21:46:20.0093 4128  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
21:46:20.0390 4128  aec - ok
21:46:20.0437 4128  [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:46:20.0500 4128  AegisP - ok
21:46:20.0625 4128  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
21:46:20.0781 4128  AFD - ok
21:46:20.0843 4128  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
21:46:21.0046 4128  agp440 - ok
21:46:21.0078 4128  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:46:21.0218 4128  agpCPQ - ok
21:46:21.0250 4128  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x        C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:46:21.0343 4128  Aha154x - ok
21:46:21.0390 4128  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2        C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:46:21.0531 4128  aic78u2 - ok
21:46:21.0562 4128  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx        C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:46:21.0718 4128  aic78xx - ok
21:46:21.0781 4128  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
21:46:21.0921 4128  Alerter - ok
21:46:21.0968 4128  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
21:46:22.0125 4128  ALG - ok
21:46:22.0125 4128  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
21:46:22.0296 4128  AliIde - ok
21:46:22.0328 4128  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:46:22.0515 4128  alim1541 - ok
21:46:22.0562 4128  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:46:22.0750 4128  amdagp - ok
21:46:22.0750 4128  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
21:46:22.0843 4128  amsint - ok
21:46:22.0890 4128  [ 11AB185A7AF224800BBFB5B836974A17 ] ANC            C:\WINDOWS\system32\drivers\ANC.SYS
21:46:22.0906 4128  ANC ( UnsignedFile.Multi.Generic ) - warning
21:46:22.0906 4128  ANC - detected UnsignedFile.Multi.Generic (1)
21:46:23.0031 4128  [ BB53E21960498EBACB7D2E676F034083 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:46:23.0140 4128  ApfiltrService - ok
21:46:23.0281 4128  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
21:46:23.0531 4128  AppMgmt - ok
21:46:23.0593 4128  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:46:23.0828 4128  Arp1394 - ok
21:46:23.0843 4128  [ 62D318E9A0C8FC9B780008E724283707 ] asc            C:\WINDOWS\system32\DRIVERS\asc.sys
21:46:23.0984 4128  asc - ok
21:46:24.0046 4128  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:46:24.0125 4128  asc3350p - ok
21:46:24.0140 4128  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550        C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:46:24.0312 4128  asc3550 - ok
21:46:24.0500 4128  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:46:24.0578 4128  aspnet_state - ok
21:46:24.0609 4128  [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:46:24.0625 4128  aswFsBlk - ok
21:46:24.0703 4128  [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2        C:\WINDOWS\system32\drivers\aswMon2.sys
21:46:24.0750 4128  aswMon2 - ok
21:46:24.0796 4128  [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
21:46:24.0828 4128  AswRdr - ok
21:46:25.0265 4128  [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
21:46:26.0000 4128  aswSnx - ok
21:46:26.0203 4128  [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP          C:\WINDOWS\system32\drivers\aswSP.sys
21:46:26.0640 4128  aswSP - ok
21:46:26.0687 4128  [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
21:46:26.0750 4128  aswTdi - ok
21:46:26.0765 4128  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:46:26.0968 4128  AsyncMac - ok
21:46:27.0031 4128  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
21:46:27.0140 4128  atapi - ok
21:46:27.0140 4128  Atdisk - ok
21:46:27.0203 4128  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:46:27.0453 4128  Atmarpc - ok
21:46:27.0500 4128  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:46:27.0562 4128  atmeltpm - ok
21:46:27.0625 4128  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:46:27.0796 4128  AudioSrv - ok
21:46:27.0859 4128  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
21:46:28.0031 4128  audstub - ok
21:46:28.0218 4128  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
21:46:28.0265 4128  avast! Antivirus - ok
21:46:28.0390 4128  [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:46:28.0546 4128  b57w2k - ok
21:46:28.0671 4128  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:46:28.0718 4128  BcmSqlStartupSvc - ok
21:46:28.0750 4128  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:46:29.0171 4128  Beep - ok
21:46:29.0234 4128  [ 534B95FBD867D0512DCB43E6CC1AA91E ] BlueletAudio    C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
21:46:29.0296 4128  BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0296 4128  BlueletAudio - detected UnsignedFile.Multi.Generic (1)
21:46:29.0328 4128  [ 01D1832F2B13DFAF7384884F7C3E0124 ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
21:46:29.0359 4128  BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0359 4128  BlueletSCOAudio - detected UnsignedFile.Multi.Generic (1)
21:46:29.0453 4128  [ 55F24E6EC983FCC7510293B05A27CEEC ] BlueSoleil Hid Service C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
21:46:29.0531 4128  BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0531 4128  BlueSoleil Hid Service - detected UnsignedFile.Multi.Generic (1)
21:46:29.0625 4128  [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser        C:\WINDOWS\System32\browser.dll
21:46:29.0843 4128  Browser - ok
21:46:29.0875 4128  [ D1813668A0117AE05BC0B81C874F91D4 ] BT              C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:46:29.0890 4128  BT ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0890 4128  BT - detected UnsignedFile.Multi.Generic (1)
21:46:29.0921 4128  [ F7FF961F1B8BD229F94F648889A87B94 ] Btcsrusb        C:\WINDOWS\system32\Drivers\btcusb.sys
21:46:29.0968 4128  Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0968 4128  Btcsrusb - detected UnsignedFile.Multi.Generic (1)
21:46:29.0984 4128  [ E69D9E7854095A9C81ACEE40D766FE2D ] BTHidEnum      C:\WINDOWS\system32\DRIVERS\vbtenum.sys
21:46:30.0031 4128  BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
21:46:30.0031 4128  BTHidEnum - detected UnsignedFile.Multi.Generic (1)
21:46:30.0093 4128  [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr        C:\WINDOWS\system32\Drivers\BTHidMgr.sys
21:46:30.0109 4128  BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
21:46:30.0109 4128  BTHidMgr - detected UnsignedFile.Multi.Generic (1)
21:46:30.0718 4128  [ 9DA09B5800B9DE8336948664E3B9CC94 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:46:31.0734 4128  BTKRNL - ok
21:46:31.0765 4128  [ 6B05FDC0CFC3753B520D2D4176CC32D0 ] BTNetFilter    C:\WINDOWS\system32\drivers\BTNetFilter.sys
21:46:31.0796 4128  BTNetFilter ( UnsignedFile.Multi.Generic ) - warning
21:46:31.0796 4128  BTNetFilter - detected UnsignedFile.Multi.Generic (1)
21:46:32.0015 4128  [ D14C346D293E6F83CBB55AC641FF941E ] btwdins        C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:46:32.0171 4128  btwdins ( UnsignedFile.Multi.Generic ) - warning
21:46:32.0171 4128  btwdins - detected UnsignedFile.Multi.Generic (1)
21:46:32.0218 4128  [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
21:46:32.0375 4128  BTWUSB - ok
21:46:32.0375 4128  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf          C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:46:32.0531 4128  cbidf - ok
21:46:32.0546 4128  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
21:46:32.0656 4128  cbidf2k - ok
21:46:32.0687 4128  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:46:32.0828 4128  CCDECODE - ok
21:46:32.0859 4128  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:46:32.0937 4128  cd20xrnt - ok
21:46:32.0968 4128  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
21:46:33.0109 4128  Cdaudio - ok
21:46:33.0187 4128  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:46:33.0328 4128  Cdfs - ok
21:46:33.0390 4128  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:46:33.0562 4128  Cdrom - ok
21:46:33.0562 4128  Changer - ok
21:46:33.0609 4128  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc          C:\WINDOWS\system32\cisvc.exe
21:46:33.0718 4128  CiSvc - ok
21:46:33.0750 4128  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
21:46:33.0906 4128  ClipSrv - ok
21:46:33.0984 4128  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:34.0109 4128  clr_optimization_v2.0.50727_32 - ok
21:46:34.0140 4128  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:46:34.0328 4128  CmBatt - ok
21:46:34.0375 4128  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:46:34.0578 4128  CmdIde - ok
21:46:34.0593 4128  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:46:34.0703 4128  Compbatt - ok
21:46:34.0718 4128  COMSysApp - ok
21:46:34.0734 4128  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:46:34.0875 4128  Cpqarray - ok
21:46:34.0953 4128  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:46:35.0109 4128  CryptSvc - ok
21:46:35.0218 4128  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k        C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:46:35.0546 4128  dac2w2k - ok
21:46:35.0578 4128  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:46:35.0718 4128  dac960nt - ok
21:46:36.0000 4128  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:46:36.0453 4128  DcomLaunch - ok
21:46:36.0593 4128  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:46:36.0781 4128  Dhcp - ok
21:46:36.0843 4128  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:46:36.0953 4128  Disk - ok
21:46:37.0390 4128  [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper      C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
21:46:38.0015 4128  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0015 4128  Diskeeper - detected UnsignedFile.Multi.Generic (1)
21:46:38.0078 4128  [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:46:38.0156 4128  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0156 4128  DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0156 4128  [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:46:38.0187 4128  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0187 4128  DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0218 4128  [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
21:46:38.0234 4128  DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0234 4128  DLADResN - detected UnsignedFile.Multi.Generic (1)
21:46:38.0296 4128  [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:46:38.0421 4128  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0421 4128  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:46:38.0437 4128  [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:46:38.0453 4128  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0453 4128  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0468 4128  [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:46:38.0484 4128  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0484 4128  DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0515 4128  [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:46:38.0515 4128  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0515 4128  DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:46:38.0578 4128  [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:46:38.0640 4128  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0640 4128  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0703 4128  [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:46:38.0765 4128  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0765 4128  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:46:38.0765 4128  dmadmin - ok
21:46:39.0250 4128  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:46:40.0171 4128  dmboot - ok
21:46:40.0296 4128  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:46:40.0484 4128  dmio - ok
21:46:40.0515 4128  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:46:40.0656 4128  dmload - ok
21:46:40.0718 4128  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:46:40.0875 4128  dmserver - ok
21:46:40.0921 4128  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:46:41.0109 4128  DMusic - ok
21:46:41.0171 4128  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:46:41.0421 4128  Dnscache - ok
21:46:41.0546 4128  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
21:46:41.0812 4128  Dot3svc - ok
21:46:41.0828 4128  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:46:41.0984 4128  dpti2o - ok
21:46:42.0000 4128  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
21:46:42.0125 4128  drmkaud - ok
21:46:42.0187 4128  [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB        C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:46:42.0203 4128  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:46:42.0203 4128  DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:46:42.0250 4128  [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM        C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:46:42.0328 4128  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:46:42.0328 4128  DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:46:42.0421 4128  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B          C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:46:42.0656 4128  E100B - ok
21:46:42.0734 4128  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
21:46:42.0921 4128  EapHost - ok
21:46:42.0968 4128  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
21:46:43.0125 4128  ERSvc - ok
21:46:43.0218 4128  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:46:43.0328 4128  Eventlog - ok
21:46:43.0500 4128  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
21:46:43.0703 4128  EventSystem - ok
21:46:44.0140 4128  [ 695E398E5858C10813E54FAFC933514F ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
21:46:44.0875 4128  EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:46:44.0875 4128  EvtEng - detected UnsignedFile.Multi.Generic (1)
21:46:45.0000 4128  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
21:46:45.0234 4128  Fastfat - ok
21:46:45.0343 4128  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:46:45.0421 4128  FastUserSwitchingCompatibility - ok
21:46:45.0453 4128  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
21:46:45.0578 4128  Fdc - ok
21:46:45.0625 4128  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:46:45.0781 4128  Fips - ok
21:46:45.0796 4128  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:46:45.0921 4128  Flpydisk - ok
21:46:46.0046 4128  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:46:46.0234 4128  FltMgr - ok
21:46:46.0328 4128  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:46:46.0375 4128  FontCache3.0.0.0 - ok
21:46:46.0421 4128  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:46:46.0578 4128  Fs_Rec - ok
21:46:46.0656 4128  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:46:46.0843 4128  Ftdisk - ok
21:46:47.0031 4128  [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400            C:\WINDOWS\system32\DRIVERS\G400m.sys
21:46:47.0406 4128  G400 - ok
21:46:47.0468 4128  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:46:47.0625 4128  Gpc - ok
21:46:47.0781 4128  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Programme\Google\Update\GoogleUpdate.exe
21:46:47.0859 4128  gupdate - ok
21:46:47.0937 4128  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
21:46:47.0953 4128  gupdatem - ok
21:46:48.0031 4128  [ C1B577B2169900F4CF7190C39F085794 ] gusvc          C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:46:48.0156 4128  gusvc - ok
21:46:48.0171 4128  HdAudAddService - ok
21:46:48.0281 4128  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:46:48.0484 4128  HDAudBus - ok
21:46:48.0609 4128  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:46:48.0750 4128  helpsvc - ok
21:46:48.0750 4128  HidServ - ok
21:46:48.0828 4128  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:46:48.0984 4128  hkmsvc - ok
21:46:49.0046 4128  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn            C:\WINDOWS\system32\DRIVERS\hpn.sys
21:46:49.0234 4128  hpn - ok
21:46:49.0281 4128  [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:46:49.0453 4128  HPZid412 - ok
21:46:49.0484 4128  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:46:49.0625 4128  HPZipr12 - ok
21:46:49.0640 4128  [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:46:49.0843 4128  HPZius12 - ok
21:46:50.0000 4128  [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:46:50.0140 4128  HSFHWAZL - ok
21:46:50.0734 4128  [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV        C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:46:51.0828 4128  HSF_DPV - ok
21:46:52.0000 4128  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:46:52.0171 4128  HTTP - ok
21:46:52.0218 4128  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:46:52.0437 4128  HTTPFilter - ok
21:46:52.0468 4128  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt        C:\WINDOWS\system32\drivers\i2omgmt.sys
21:46:52.0609 4128  i2omgmt - ok
21:46:52.0640 4128  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp          C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:46:52.0781 4128  i2omp - ok
21:46:52.0859 4128  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:46:53.0015 4128  i8042prt - ok
21:46:56.0562 4128  [ 06B71441957B48A4866DE2FE27CB79C8 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:47:03.0125 4128  ialm - ok
21:47:03.0296 4128  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:47:03.0515 4128  iaStor - ok
21:47:03.0578 4128  [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:47:03.0609 4128  IBMPMDRV - ok
21:47:03.0640 4128  [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
21:47:03.0687 4128  IBMPMSVC - ok
21:47:03.0734 4128  [ 083D095FED4B01FFF9D501B98D50DB68 ] IBMTPCHK        C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:47:03.0734 4128  IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:47:03.0734 4128  IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:47:03.0906 4128  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:47:03.0984 4128  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:47:03.0984 4128  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:47:04.0562 4128  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc          c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:47:05.0515 4128  idsvc - ok
21:47:05.0578 4128  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:05.0781 4128  Imapi - ok
21:47:05.0906 4128  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:47:06.0109 4128  ImapiService - ok
21:47:06.0156 4128  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u        C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:47:06.0296 4128  ini910u - ok
21:47:06.0312 4128  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:06.0468 4128  IntelIde - ok
21:47:06.0546 4128  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:06.0703 4128  intelppm - ok
21:47:06.0718 4128  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:06.0859 4128  Ip6Fw - ok
21:47:06.0890 4128  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:07.0031 4128  IpFilterDriver - ok
21:47:07.0078 4128  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:07.0218 4128  IpInIp - ok
21:47:07.0312 4128  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:07.0531 4128  IpNat - ok
21:47:07.0593 4128  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:07.0765 4128  IPSec - ok
21:47:07.0875 4128  [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC          C:\WINDOWS\system32\IPSSVC.EXE
21:47:07.0937 4128  IPSSVC - ok
21:47:07.0953 4128  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:08.0078 4128  IRENUM - ok
21:47:08.0156 4128  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:08.0281 4128  isapnp - ok
21:47:08.0328 4128  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi        C:\WINDOWS\system32\drivers\iviaspi.sys
21:47:08.0343 4128  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:47:08.0343 4128  Iviaspi - detected UnsignedFile.Multi.Generic (1)
21:47:08.0562 4128  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
21:47:08.0656 4128  IviRegMgr - ok
21:47:08.0765 4128  [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:47:08.0875 4128  JavaQuickStarterService - ok
21:47:08.0921 4128  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:09.0109 4128  Kbdclass - ok
21:47:09.0218 4128  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:47:09.0437 4128  kmixer - ok
21:47:09.0515 4128  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:09.0593 4128  KSecDD - ok
21:47:09.0687 4128  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:47:09.0796 4128  lanmanserver - ok
21:47:09.0906 4128  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:47:10.0031 4128  lanmanworkstation - ok
21:47:10.0031 4128  lbrtfdc - ok
21:47:10.0156 4128  [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE  C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
21:47:10.0203 4128  LENOVO.MICMUTE - ok
21:47:10.0250 4128  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\WINDOWS\system32\DRIVERS\smiif32.sys
21:47:10.0281 4128  lenovo.smi - ok
21:47:10.0343 4128  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
21:47:10.0562 4128  LmHosts - ok
21:47:10.0609 4128  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\WINDOWS\system32\drivers\mbam.sys
21:47:10.0625 4128  MBAMProtector - ok
21:47:10.0890 4128  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:47:11.0281 4128  MBAMScheduler - ok
21:47:11.0703 4128  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:47:12.0453 4128  MBAMService - ok
21:47:12.0500 4128  [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:47:12.0531 4128  mdmxsdk - ok
21:47:12.0578 4128  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
21:47:12.0765 4128  Messenger - ok
21:47:12.0812 4128  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:12.0953 4128  mnmdd - ok
21:47:13.0015 4128  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
21:47:13.0140 4128  mnmsrvc - ok
21:47:13.0203 4128  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
21:47:13.0343 4128  Modem - ok
21:47:13.0406 4128  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:13.0609 4128  Mouclass - ok
21:47:13.0671 4128  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:13.0828 4128  MountMgr - ok
21:47:13.0953 4128  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:47:14.0046 4128  MozillaMaintenance - ok
21:47:14.0093 4128  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:47:14.0281 4128  mraid35x - ok
21:47:14.0390 4128  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:14.0625 4128  MRxDAV - ok
21:47:14.0953 4128  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:15.0671 4128  MRxSmb - ok
21:47:15.0718 4128  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
21:47:15.0906 4128  MSDTC - ok
21:47:15.0937 4128  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:47:16.0046 4128  Msfs - ok
21:47:16.0062 4128  MSIServer - ok
21:47:16.0062 4128  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:16.0187 4128  MSKSSRV - ok
21:47:16.0203 4128  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:16.0312 4128  MSPCLOCK - ok
21:47:16.0328 4128  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:16.0453 4128  MSPQM - ok
21:47:16.0484 4128  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:16.0593 4128  mssmbios - ok
21:47:16.0703 4128  MSSQL$MSSMLBIZ - ok
21:47:16.0781 4128  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:47:16.0812 4128  MSSQLServerADHelper - ok
21:47:16.0859 4128  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
21:47:17.0000 4128  MSTEE - ok
21:47:17.0078 4128  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
21:47:17.0171 4128  Mup - ok
21:47:17.0234 4128  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:47:17.0484 4128  NABTSFEC - ok
21:47:17.0671 4128  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:47:17.0968 4128  napagent - ok
21:47:18.0109 4128  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:47:18.0312 4128  NDIS - ok
21:47:18.0343 4128  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:47:18.0515 4128  NdisIP - ok
21:47:18.0562 4128  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:18.0671 4128  NdisTapi - ok
21:47:18.0703 4128  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:18.0859 4128  Ndisuio - ok
21:47:18.0921 4128  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:19.0109 4128  NdisWan - ok
21:47:19.0187 4128  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:19.0265 4128  NDProxy - ok
21:47:19.0296 4128  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:19.0484 4128  NetBIOS - ok
21:47:19.0609 4128  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:19.0812 4128  NetBT - ok
21:47:19.0921 4128  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:47:20.0171 4128  NetDDE - ok
21:47:20.0234 4128  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:47:20.0343 4128  NetDDEdsdm - ok
21:47:20.0453 4128  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:47:20.0625 4128  Netlogon - ok
21:47:20.0750 4128  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:47:20.0984 4128  Netman - ok
21:47:21.0078 4128  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:21.0171 4128  NetTcpPortSharing - ok
21:47:22.0687 4128  [ 18B2D3E11ED7A3C898ADE6A6692B6929 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
21:47:24.0000 4128  NETw4x32 - ok
21:47:24.0093 4128  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:47:24.0250 4128  NIC1394 - ok
21:47:24.0406 4128  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
21:47:24.0562 4128  Nla - ok
21:47:24.0593 4128  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:47:24.0734 4128  Npfs - ok
21:47:25.0062 4128  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:25.0640 4128  Ntfs - ok
21:47:25.0671 4128  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
21:47:25.0843 4128  NtLmSsp - ok
21:47:26.0125 4128  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
21:47:26.0671 4128  NtmsSvc - ok
21:47:26.0718 4128  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:47:26.0859 4128  Null - ok
21:47:28.0000 4128  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:30.0203 4128  nv - ok
21:47:30.0234 4128  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:30.0359 4128  NwlnkFlt - ok
21:47:30.0390 4128  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:30.0593 4128  NwlnkFwd - ok
21:47:30.0671 4128  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:47:30.0781 4128  ohci1394 - ok
21:47:30.0937 4128  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:47:31.0031 4128  ose - ok
21:47:33.0843 4128  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:47:39.0031 4128  osppsvc - ok
21:47:39.0109 4128  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
21:47:39.0281 4128  Parport - ok
21:47:39.0328 4128  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:39.0468 4128  PartMgr - ok
21:47:39.0500 4128  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:39.0640 4128  ParVdm - ok
21:47:39.0687 4128  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:39.0796 4128  PCI - ok
21:47:39.0812 4128  PCIDump - ok
21:47:39.0843 4128  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:39.0968 4128  PCIIde - ok
21:47:40.0046 4128  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:47:40.0187 4128  Pcmcia - ok
21:47:40.0187 4128  PDCOMP - ok
21:47:40.0203 4128  PDFRAME - ok
21:47:40.0203 4128  PDRELI - ok
21:47:40.0203 4128  PDRFRAME - ok
21:47:40.0250 4128  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2          C:\WINDOWS\system32\DRIVERS\perc2.sys
21:47:40.0390 4128  perc2 - ok
21:47:40.0390 4128  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:47:40.0546 4128  perc2hib - ok
21:47:40.0640 4128  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
21:47:40.0671 4128  PlugPlay - ok
21:47:40.0718 4128  [ DEDEF40E1D05842639491365CB2C069E ] pmem            C:\WINDOWS\System32\drivers\pmemnt.sys
21:47:40.0734 4128  pmem ( UnsignedFile.Multi.Generic ) - warning
21:47:40.0734 4128  pmem - detected UnsignedFile.Multi.Generic (1)
21:47:40.0796 4128  [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:47:40.0812 4128  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:47:40.0812 4128  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:47:40.0828 4128  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
21:47:40.0937 4128  PolicyAgent - ok
21:47:41.0000 4128  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:41.0140 4128  PptpMiniport - ok
21:47:41.0203 4128  [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD          C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
21:47:41.0218 4128  PROCDD - ok
21:47:41.0265 4128  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
21:47:41.0515 4128  Processor - ok
21:47:41.0531 4128  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:47:41.0656 4128  ProtectedStorage - ok
21:47:41.0718 4128  [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd          C:\WINDOWS\system32\DRIVERS\psadd.sys
21:47:41.0781 4128  psadd - ok
21:47:41.0812 4128  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:41.0984 4128  PSched - ok
21:47:42.0046 4128  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI            C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:47:42.0062 4128  PSI - ok
21:47:42.0093 4128  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:42.0265 4128  Ptilink - ok
21:47:42.0296 4128  [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:47:42.0328 4128  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:47:42.0328 4128  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:47:42.0375 4128  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:47:42.0640 4128  ql1080 - ok
21:47:42.0656 4128  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt        C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:47:42.0812 4128  Ql10wnt - ok
21:47:42.0859 4128  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160        C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:47:43.0000 4128  ql12160 - ok
21:47:43.0031 4128  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:47:43.0171 4128  ql1240 - ok
21:47:43.0203 4128  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:47:43.0343 4128  ql1280 - ok
21:47:43.0375 4128  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:43.0531 4128  RasAcd - ok
21:47:43.0609 4128  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
21:47:43.0796 4128  RasAuto - ok
21:47:43.0828 4128  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:44.0000 4128  Rasl2tp - ok
21:47:44.0125 4128  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:47:44.0375 4128  RasMan - ok
21:47:44.0406 4128  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:44.0578 4128  RasPppoe - ok
21:47:44.0625 4128  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:44.0796 4128  Raspti - ok
21:47:44.0906 4128  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:45.0125 4128  Rdbss - ok
21:47:45.0140 4128  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:45.0281 4128  RDPCDD - ok
21:47:45.0406 4128  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:45.0640 4128  rdpdr - ok
21:47:45.0765 4128  [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:45.0890 4128  RDPWD - ok
21:47:46.0031 4128  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
21:47:46.0281 4128  RDSessMgr - ok
21:47:46.0359 4128  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:46.0593 4128  redbook - ok
21:47:46.0781 4128  [ B3611F5CC7052FE52998984A4361880F ] RegSrvc        C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
21:47:46.0984 4128  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
21:47:46.0984 4128  RegSrvc - detected UnsignedFile.Multi.Generic (1)
21:47:47.0046 4128  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:47:47.0265 4128  RemoteAccess - ok
21:47:47.0328 4128  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:47:47.0515 4128  RemoteRegistry - ok
21:47:47.0578 4128  [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:47:47.0656 4128  rimmptsk - ok
21:47:47.0718 4128  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:47:47.0796 4128  rimsptsk - ok
21:47:47.0828 4128  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp        C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:47:47.0906 4128  rismxdp - ok
21:47:47.0953 4128  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM      C:\WINDOWS\system32\Drivers\RootMdm.sys
21:47:48.0156 4128  ROOTMODEM - ok
21:47:48.0234 4128  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:47:48.0390 4128  RpcLocator - ok
21:47:48.0718 4128  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\system32\rpcss.dll
21:47:48.0921 4128  RpcSs - ok
21:47:49.0046 4128  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:47:49.0281 4128  RSVP - ok
21:47:49.0906 4128  [ 2FD3B284ADE57CFAA70A6A9753E50572 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
21:47:50.0890 4128  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
21:47:50.0890 4128  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
21:47:50.0906 4128  [ 2220783B32A9F91DF87F3E8315F091E7 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:47:50.0921 4128  s24trans ( UnsignedFile.Multi.Generic ) - warning
21:47:50.0921 4128  s24trans - detected UnsignedFile.Multi.Generic (1)
21:47:50.0953 4128  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
21:47:51.0125 4128  SamSs - ok
21:47:51.0218 4128  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:47:51.0500 4128  SCardSvr - ok
21:47:51.0640 4128  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:47:51.0906 4128  Schedule - ok
21:47:51.0968 4128  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:47:52.0156 4128  sdbus - ok
21:47:52.0171 4128  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:52.0359 4128  Secdrv - ok
21:47:52.0390 4128  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:47:52.0546 4128  seclogon - ok
21:47:52.0578 4128  Secunia PSI Agent - ok
21:47:52.0593 4128  Secunia Update Agent - ok
21:47:52.0625 4128  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
21:47:52.0765 4128  SENS - ok
21:47:52.0796 4128  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
21:47:52.0906 4128  serenum - ok
21:47:52.0953 4128  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:53.0171 4128  Serial - ok
21:47:53.0203 4128  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:53.0359 4128  Sfloppy - ok
21:47:53.0500 4128  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:47:53.0531 4128  ShellHWDetection - ok
21:47:53.0640 4128  [ A3AEE791DB8C73882F4503BFAACD8C9E ] Shockprf        C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:47:53.0671 4128  Shockprf - ok
21:47:53.0687 4128  Simbad - ok
21:47:53.0750 4128  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:47:53.0921 4128  sisagp - ok
21:47:53.0953 4128  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:47:54.0125 4128  SLIP - ok
21:47:54.0171 4128  [ 350483C5A139F8A39ED3191AFF39BED0 ] smihlp          C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
21:47:54.0187 4128  smihlp - ok
21:47:54.0281 4128  [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
21:47:54.0328 4128  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
21:47:54.0328 4128  Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
21:47:54.0359 4128  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow        C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:47:54.0484 4128  Sparrow - ok
21:47:54.0515 4128  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:47:54.0640 4128  splitter - ok
21:47:54.0718 4128  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
21:47:54.0812 4128  Spooler - ok
21:47:54.0953 4128  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:47:55.0109 4128  SQLBrowser - ok
21:47:55.0187 4128  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter      c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:47:55.0250 4128  SQLWriter - ok
21:47:55.0312 4128  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:55.0468 4128  sr - ok
21:47:55.0593 4128  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
21:47:55.0828 4128  srservice - ok
21:47:56.0078 4128  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:56.0468 4128  Srv - ok
21:47:56.0531 4128  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
21:47:56.0718 4128  SSDPSRV - ok
21:47:56.0953 4128  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:47:57.0468 4128  stisvc - ok
21:47:57.0515 4128  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:47:57.0656 4128  streamip - ok
21:47:57.0765 4128  [ C2191C1A5DFED0795E3D3B68905B195B ] SUService      c:\programme\lenovo\system update\suservice.exe
21:47:57.0812 4128  SUService ( UnsignedFile.Multi.Generic ) - warning
21:47:57.0812 4128  SUService - detected UnsignedFile.Multi.Generic (1)
21:47:57.0859 4128  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:57.0984 4128  swenum - ok
21:47:58.0031 4128  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:47:58.0187 4128  swmidi - ok
21:47:58.0187 4128  SwPrv - ok
21:47:58.0218 4128  [ 1FF3217614018630D0A6758630FC698C ] symc810        C:\WINDOWS\system32\DRIVERS\symc810.sys
21:47:58.0359 4128  symc810 - ok
21:47:58.0375 4128  [ 070E001D95CF725186EF8B20335F933C ] symc8xx        C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:47:58.0593 4128  symc8xx - ok
21:47:58.0609 4128  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:47:58.0765 4128  sym_hi - ok
21:47:58.0781 4128  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:47:58.0921 4128  sym_u3 - ok
21:47:59.0125 4128  [ 1CDE0A5C0416187B9B89E03980C6E8DE ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:47:59.0312 4128  SynTP - ok
21:47:59.0375 4128  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:59.0531 4128  sysaudio - ok
21:47:59.0609 4128  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
21:47:59.0812 4128  SysmonLog - ok
21:47:59.0968 4128  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
21:48:00.0265 4128  TapiSrv - ok
21:48:00.0578 4128  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:48:00.0953 4128  Tcpip - ok
21:48:01.0015 4128  [ 109D1F5CD9CC370A87901DB3DDD533F1 ] TcUsb          C:\WINDOWS\system32\Drivers\tcusb.sys
21:48:01.0062 4128  TcUsb - ok
21:48:01.0093 4128  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:48:01.0296 4128  TDPIPE - ok
21:48:01.0312 4128  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
21:48:01.0484 4128  TDTCP - ok
21:48:01.0546 4128  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:48:01.0687 4128  TermDD - ok
21:48:01.0890 4128  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
21:48:02.0203 4128  TermService - ok
21:48:02.0296 4128  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:48:02.0312 4128  Themes - ok
21:48:02.0828 4128  [ D04402CD654AF1058AD9A82B73AD67C8 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
21:48:03.0500 4128  ThinkVantage Registry Monitor Service - ok
21:48:03.0578 4128  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
21:48:03.0812 4128  TlntSvr - ok
21:48:03.0859 4128  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
21:48:03.0984 4128  TosIde - ok
21:48:04.0015 4128  [ 639BA7B37F25054CF5E82604E736D250 ] TPDIGIMN        C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:48:04.0031 4128  TPDIGIMN - ok
21:48:04.0093 4128  [ 3663C0F611711DAC453636AF562F0831 ] TPHDEXLGSVC    C:\WINDOWS\system32\TPHDEXLG.exe
21:48:04.0140 4128  TPHDEXLGSVC - ok
21:48:04.0250 4128  [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV        C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:48:04.0359 4128  TPHKDRV - ok
21:48:04.0468 4128  [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD        C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
21:48:04.0593 4128  TPHKLOAD - ok
21:48:04.0656 4128  [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC        C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
21:48:04.0718 4128  TPHKSVC - ok
21:48:04.0765 4128  [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF        C:\WINDOWS\system32\drivers\Tppwrif.sys
21:48:04.0812 4128  TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
21:48:04.0812 4128  TPPWRIF - detected UnsignedFile.Multi.Generic (1)
21:48:04.0937 4128  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:48:05.0171 4128  TrkWks - ok
21:48:05.0203 4128  [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP        C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:48:05.0218 4128  TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
21:48:05.0218 4128  TSMAPIP - detected UnsignedFile.Multi.Generic (1)
21:48:05.0718 4128  [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService  C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
21:48:06.0515 4128  TSSCoreService - ok
21:48:06.0906 4128  [ C8DA890DF821DBE5CD5B9A10C6C82D51 ] TVT Backup Protection Service C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
21:48:07.0390 4128  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
21:48:07.0390 4128  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
21:48:07.0953 4128  [ 951675971BB6DE44284CCE95F33F7421 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
21:48:08.0921 4128  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:48:08.0921 4128  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
21:48:09.0750 4128  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler  c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
21:48:11.0000 4128  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
21:48:11.0000 4128  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
21:48:11.0093 4128  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter      C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
21:48:11.0171 4128  tvtfilter - ok
21:48:11.0234 4128  [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C          C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
21:48:11.0312 4128  TVTI2C - ok
21:48:11.0375 4128  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
21:48:11.0421 4128  tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
21:48:11.0421 4128  tvtnetwk - detected UnsignedFile.Multi.Generic (1)
21:48:11.0421 4128  TVTPktFilter - ok
21:48:11.0500 4128  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:48:11.0734 4128  Udfs - ok
21:48:11.0765 4128  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra          C:\WINDOWS\system32\DRIVERS\ultra.sys
21:48:11.0875 4128  ultra - ok
21:48:11.0937 4128  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
21:48:12.0015 4128  UMWdf - ok
21:48:12.0250 4128  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:48:12.0875 4128  Update - ok
21:48:13.0015 4128  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:48:13.0265 4128  upnphost - ok
21:48:13.0296 4128  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
21:48:13.0484 4128  UPS - ok
21:48:13.0515 4128  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:48:13.0687 4128  usbccgp - ok
21:48:13.0734 4128  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:48:13.0890 4128  usbehci - ok
21:48:13.0968 4128  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:48:14.0140 4128  usbhub - ok
21:48:14.0156 4128  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:48:14.0375 4128  usbprint - ok
21:48:14.0390 4128  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:48:14.0546 4128  usbscan - ok
21:48:14.0578 4128  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:48:14.0953 4128  USBSTOR - ok
21:48:14.0984 4128  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:48:15.0109 4128  usbuhci - ok
21:48:15.0187 4128  [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm          C:\WINDOWS\system32\DRIVERS\VComm.sys
21:48:15.0250 4128  VComm ( UnsignedFile.Multi.Generic ) - warning
21:48:15.0250 4128  VComm - detected UnsignedFile.Multi.Generic (1)
21:48:15.0312 4128  [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr        C:\WINDOWS\system32\Drivers\VcommMgr.sys
21:48:15.0375 4128  VcommMgr ( UnsignedFile.Multi.Generic ) - warning
21:48:15.0375 4128  VcommMgr - detected UnsignedFile.Multi.Generic (1)
21:48:15.0406 4128  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
21:48:15.0593 4128  VgaSave - ok
21:48:15.0671 4128  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:48:15.0796 4128  viaagp - ok
21:48:15.0828 4128  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
21:48:15.0953 4128  ViaIde - ok
21:48:16.0031 4128  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
21:48:16.0156 4128  VolSnap - ok
21:48:16.0343 4128  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
21:48:16.0625 4128  VSS - ok
21:48:16.0750 4128  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time        C:\WINDOWS\system32\w32time.dll
21:48:17.0000 4128  W32Time - ok
21:48:17.0031 4128  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:48:17.0203 4128  Wanarp - ok
21:48:17.0515 4128  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:48:17.0953 4128  Wdf01000 - ok
21:48:17.0953 4128  WDICA - ok
21:48:18.0046 4128  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:48:18.0265 4128  wdmaud - ok
21:48:18.0328 4128  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
21:48:18.0593 4128  WebClient - ok
21:48:19.0062 4128  [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:48:19.0796 4128  winachsf - ok
21:48:19.0968 4128  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
21:48:20.0234 4128  winmgmt - ok
21:48:20.0781 4128  [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS    C:\Programme\Windows Media Connect 2\wmccds.exe
21:48:21.0687 4128  WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
21:48:21.0687 4128  WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
21:48:21.0765 4128  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:48:21.0828 4128  WmdmPmSN - ok
21:48:22.0234 4128  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
21:48:23.0015 4128  Wmi - ok
21:48:23.0156 4128  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:48:23.0421 4128  WmiApSrv - ok
21:48:23.0468 4128  [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
21:48:23.0531 4128  WpdUsb - ok
21:48:23.0546 4128  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:48:23.0687 4128  WSTCODEC - ok
21:48:24.0000 4128  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:48:24.0609 4128  WZCSVC - ok
21:48:24.0718 4128  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
21:48:24.0921 4128  xmlprov - ok
21:48:24.0937 4128  ================ Scan global ===============================
21:48:25.0000 4128  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:48:25.0218 4128  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:48:25.0593 4128  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:48:25.0703 4128  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:48:25.0703 4128  [Global] - ok
21:48:25.0703 4128  ================ Scan MBR ==================================
21:48:25.0750 4128  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk0\DR0
21:48:26.0265 4128  \Device\Harddisk0\DR0 - ok
21:48:26.0265 4128  ================ Scan VBR ==================================
21:48:26.0265 4128  [ 995B9A8A670CD5116423BC342FBF9090 ] \Device\Harddisk0\DR0\Partition1
21:48:26.0281 4128  \Device\Harddisk0\DR0\Partition1 - ok
21:48:26.0281 4128  ============================================================
21:48:26.0281 4128  Scan finished
21:48:26.0281 4128  ============================================================
21:48:26.0390 4196  Detected object count: 47
21:48:26.0390 4196  Actual detected object count: 47
21:49:26.0953 4196  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196  AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196  AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196  ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196  ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196  AEAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196  AEAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  BT ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196  BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196  BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  BTNetFilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  BTNetFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  pmem ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196  TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196  TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  VComm ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196  VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196  VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0062 4196  WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0062 4196  WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 24.09.2012 13:28

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Kalinewirsch 24.09.2012 20:43

Combofix Logfile:
Code:

ComboFix 12-09-24.02 - Administrator 24.09.2012  20:43:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.325 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\system32
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\vrlogon.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
.
.
2012-09-19 02:08 . 2012-09-19 02:08        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Client Security Solution
2012-09-17 19:37 . 2012-09-22 19:59        --------        d-----w-        C:\_OTL
2012-09-15 20:31 . 2012-08-21 09:13        355632        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-09-15 20:31 . 2012-08-21 09:13        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-09-15 20:31 . 2012-08-21 09:13        35928        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-09-15 20:31 . 2012-08-21 09:13        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-09-15 20:31 . 2012-08-21 09:13        729752        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-09-15 20:31 . 2012-08-21 09:13        97608        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2012-09-15 20:31 . 2012-08-21 09:13        89624        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2012-09-15 20:31 . 2012-08-21 09:13        25256        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2012-09-15 20:28 . 2012-08-21 09:12        41224        ----a-w-        c:\windows\avastSS.scr
2012-09-15 20:27 . 2012-08-21 09:12        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2012-09-15 20:24 . 2012-09-15 20:24        --------        d-----w-        c:\programme\AVAST Software
2012-09-15 20:24 . 2012-09-15 20:24        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-08-10 12:52        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-19 20:03 . 2012-09-19 20:00        266720        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12        121528        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-05-28 296056]
"Reader Application Helper"="c:\programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Secunia PSI Tray.lnk - c:\programme\Secunia\PSI\psi_tray.exe [2012-5-3 562232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17        89600        ----a-w-        c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Client Server Runtime Process"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\System32\csrss.exe
"Host-process Windows (Rundll32.exe)"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\csrss.exe
"Service Host Process for Windows"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\svchost.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.09.2012 22:31 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.09.2012 22:31 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [22.09.2011 09:12 13680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.09.2012 22:31 21256]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [14.09.2012 22:22 399432]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [10.08.2012 14:52 676936]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 22:10 11152]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [22.09.2011 09:12 130920]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [09.07.2007 08:23 64952]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [08.02.2007 13:11 569344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.08.2012 14:52 22856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 15:59 30336]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.09.2012 22:31 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [22.09.2011 09:12 45496]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [15.09.2012 22:31 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [20.05.2012 13:42 114144]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16.12.2011 16:19 15544]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-15 09:12]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-15 20:31]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-15 20:31]
.
2012-09-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-05-29 16:22]
.
2012-09-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-09-24 c:\windows\Tasks\ReclaimerUpdateFiles_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
2012-09-24 c:\windows\Tasks\ReclaimerUpdateXML_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
2012-09-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Citavi Picker... - file://c:\dokumente und einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-24 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\system32\TPAPSLOG.LOG 384 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,76,ce,58,0e,10,3e,45,94,d7,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,76,ce,58,0e,10,3e,45,94,d7,c5,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1824)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
.
- - - - - - - > 'lsass.exe'(1880)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\msi.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Secunia\PSI\PSIA.exe
c:\programme\Secunia\PSI\sua.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programme\LENOVO\HOTKEY\tposdsvc.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-24  21:29:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-24 19:29
.
Vor Suchlauf: 19 Verzeichnis(se), 36.289.810.432 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 36.318.629.888 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E5B10446D543F067F6B58C885F8B28DD

--- --- ---

cosinus 25.09.2012 10:45

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Kalinewirsch 25.09.2012 17:57

... ja, alles erledigt.
Soweit ok?

cosinus 25.09.2012 19:45

Wie denn jetzt im Anhang, erspar mir doch bitte diese ständige Klickerei und Entpackerei....die Logs sollten alle direkt gepostet werden in CODE-Tags umschlossen

Kalinewirsch 25.09.2012 20:20

das habe ich versucht, aber ich bekam die Meldung das die Texte zu lang seien und ich bitte bie Beiträge las logs anhängen solle...
also habe ich es mir einfach gemacht und die 3 dateien als Anhang versendet.
GMER passt nicht...
hier nun osam
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:41:01 on 25.09.2012

*OS*: Windows XP Professional Service Pack 3 (Build 2600)
*Default Browser*: Mozilla Corporation Firefox 15.0.1

*Scanner Settings*
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

*Filters*
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

          Risk        Name        Publisher        Full Path        Status
Common
%SystemRoot%\Tasks
                      "avast! Emergency Update.job"        "AVAST Software"
C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe        File exists
        ||||          "GoogleUpdateTaskMachineCore.job"        "Google Inc."
C:\Programme\Google\Update\GoogleUpdate.exe        File exists
        ||||          "GoogleUpdateTaskMachineUA.job"        "Google Inc."
C:\Programme\Google\Update\GoogleUpdate.exe        File exists
        ||||          "PMTask.job"                C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE        File
found, but it contains no detailed information
             
"RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job"        "RealNetworks,
Inc."        C:\Programme\Real\RealUpgrade\realupgrade.exe        File exists
             
"RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job"
        "RealNetworks, Inc."        C:\Programme\Real\RealUpgrade\realupgrade.exe
File exists
                      "ReclaimerUpdateFiles_Administrator.job"        "RealNetworks,
Inc."        C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
        File exists
                      "ReclaimerUpdateXML_Administrator.job"        "RealNetworks, Inc."
C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
        File exists
                      "RNUpgradeHelperLogonPrompt_Administrator.job"        "RealNetworks,
Inc."        C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
        File exists
Control Panel Objects
%SystemRoot%\system32
        ||||||        "btcpl.cpl"        "Broadcom Corporation."
C:\WINDOWS\system32\btcpl.cpl        File exists
        ||||||        "FlashPlayerCPLApp.cpl"        "Adobe Systems Incorporated"
C:\WINDOWS\system32\FlashPlayerCPLApp.cpl        File exists
        ||||||        "infocardcpl.cpl"        "Microsoft Corporation"
C:\WINDOWS\system32\infocardcpl.cpl        File exists
        ||||||        "ISUSPM.cpl"        "InstallShield Software Corporation"
C:\WINDOWS\system32\ISUSPM.cpl        File exists
                      "javacpl.cpl"        "Oracle Corporation"
C:\WINDOWS\system32\javacpl.cpl        File exists
        ||||||        "TpShCPL.cpl"        "Lenovo."        C:\WINDOWS\system32\TpShCPL.cpl        File
exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
        ||||||        "mlcfg32.cpl"        "Microsoft Corporation"
C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL        File exists
        ||||||        "ProtectorSuiteInfoPanel"        "UPEK Inc."
C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl        File exists
        ||||||        "Windows Media Connect"        "Microsoft Corporation"
C:\Programme\Windows Media Connect 2\wmccpl.dll        File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
        ||||||        "ADI UAA Function Driver for High Definition Audio Service"
(ADIHdAudAddService)        "Analog Devices, Inc."
C:\WINDOWS\System32\drivers\ADIHdAud.sys        File exists
        ||||||        "AE Audio Service" (AEAudio)        "Andrea Electronics
Corporation"        C:\WINDOWS\System32\drivers\AEAudio.sys        File exists
        ||||||        "ANC" (ANC)        "IBM Corp."        C:\WINDOWS\System32\drivers\ANC.SYS
File exists
        ||||||        "APS Digitizer Activity Monitor" (TPDIGIMN)        "Lenovo."
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys        File exists
                      "aswFsBlk" (aswFsBlk)        "AVAST Software"
C:\WINDOWS\system32\drivers\aswFsBlk.sys        File exists
                      "aswMon2" (aswMon2)        "AVAST Software"
C:\WINDOWS\system32\drivers\aswMon2.sys        File exists
                      "aswRdr" (AswRdr)        "AVAST Software"
C:\WINDOWS\system32\drivers\AswRdr.sys        File exists
                      "aswSnx" (aswSnx)        "AVAST Software"
C:\WINDOWS\system32\drivers\aswSnx.sys        File exists
                      "aswSP" (aswSP)        "AVAST Software"
C:\WINDOWS\system32\drivers\aswSP.sys        File exists
                      "avast! Asynchronous Virus Monitor" (Aavmker4)        "AVAST
Software"        C:\WINDOWS\system32\drivers\Aavmker4.sys        File exists
                      "avast! Network Shield Support" (aswTdi)        "AVAST Software"
C:\WINDOWS\system32\drivers\aswTdi.sys        File exists
        ||||||        "Bluetooth Audio Service" (BlueletAudio)        "IVT Corporation"
C:\WINDOWS\System32\DRIVERS\blueletaudio.sys        File exists
        ||||||        "Bluetooth HID Enumerator" (BTHidEnum)       
C:\WINDOWS\System32\DRIVERS\vbtenum.sys        File found, but it contains no
detailed information
        ||||||        "Bluetooth HID Manager Service" (BTHidMgr)        "IVT Corporation"
C:\WINDOWS\System32\Drivers\BTHidMgr.sys        File exists
        ||||||        "Bluetooth Network Filter" (BTNetFilter)       
C:\WINDOWS\system32\drivers\BTNetFilter.sys        File found, but it contains
no detailed information
        ||||||        "Bluetooth PAN Network Adapter" (BT)        "IVT Corporation"
C:\WINDOWS\System32\DRIVERS\btnetdrv.sys        File exists
        ||||||        "Bluetooth SCO Audio Service" (BlueletSCOAudio)        "IVT
Corporation"        C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys        File exists
        ||||||        "Bluetooth USB For Bluetooth Service" (Btcsrusb)        "IVT
Corporation"        C:\WINDOWS\System32\Drivers\btcusb.sys        File exists
        ||||||        "Bluetooth VComm Manager Service" (VcommMgr)        "IVT
Corporation"        C:\WINDOWS\System32\Drivers\VcommMgr.sys        File exists
                      "catchme" (catchme)                C:\ComboFix\catchme.sys        File not found
                      "Changer" (Changer)                C:\WINDOWS\system32\drivers\Changer.sys
File not found
        ||||||        "DLABOIOM" (DLABOIOM)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLABOIOM.SYS        File exists
        ||||||        "DLACDBHM" (DLACDBHM)        "Sonic Solutions"
C:\WINDOWS\System32\Drivers\DLACDBHM.SYS        File exists
        ||||||        "DLADResN" (DLADResN)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLADResN.SYS        File exists
        ||||||        "DLAIFS_M" (DLAIFS_M)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLAIFS_M.SYS        File exists
        ||||||        "DLAOPIOM" (DLAOPIOM)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLAOPIOM.SYS        File exists
        ||||||        "DLAPoolM" (DLAPoolM)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLAPoolM.SYS        File exists
        ||||||        "DLARTL_N" (DLARTL_N)        "Sonic Solutions"
C:\WINDOWS\System32\Drivers\DLARTL_N.SYS        File exists
        ||||||        "DLAUDFAM" (DLAUDFAM)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLAUDFAM.SYS        File exists
        ||||||        "DLAUDF_M" (DLAUDF_M)        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLAUDF_M.SYS        File exists
        ||||||        "DRVMCDB" (DRVMCDB)        "Sonic Solutions"
C:\WINDOWS\System32\Drivers\DRVMCDB.SYS        File exists
        ||||||        "DRVNDDM" (DRVNDDM)        "Sonic Solutions"
C:\WINDOWS\System32\Drivers\DRVNDDM.SYS        File exists
        ||||||        "IBMTPCHK" (IBMTPCHK)       
C:\WINDOWS\system32\Drivers\IBMBLDID.sys        File found, but it contains no
detailed information
        ||||||        "IVI ASPI Shell" (Iviaspi)        "InterVideo, Inc."
C:\WINDOWS\System32\drivers\iviaspi.sys        File exists
                      "kwddqpoc" (kwddqpoc)       
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwddqpoc.sys        Hidden registry entry,
rootkit activity | File not found
                      "lbrtfdc" (lbrtfdc)                C:\WINDOWS\system32\drivers\lbrtfdc.sys
File not found
        ||||||        "Lenovo System Interface Driver" (lenovo.smi)        "Lenovo Group
Limited"        C:\WINDOWS\System32\DRIVERS\smiif32.sys        File exists
                      "MBAMProtector" (MBAMProtector)        "Malwarebytes Corporation"
C:\WINDOWS\system32\drivers\mbam.sys        File exists
                      "Microsoft UAA Function Driver for High Definition Audio
Service" (HdAudAddService)                C:\WINDOWS\System32\drivers\CHDAudN.sys
File not found
                      "PCIDump" (PCIDump)                C:\WINDOWS\system32\drivers\PCIDump.sys
File not found
                      "PDCOMP" (PDCOMP)                C:\WINDOWS\system32\drivers\PDCOMP.sys
File not found
                      "PDFRAME" (PDFRAME)                C:\WINDOWS\system32\drivers\PDFRAME.sys
File not found
                      "PDRELI" (PDRELI)                C:\WINDOWS\system32\drivers\PDRELI.sys
File not found
                      "PDRFRAME" (PDRFRAME)       
C:\WINDOWS\system32\drivers\PDRFRAME.sys        File not found
        ||||||        "pmem" (pmem)        "Microsoft Corporation"
C:\WINDOWS\System32\drivers\pmemnt.sys        File exists
        ||||||        "PSI" (PSI)        "Secunia"
C:\WINDOWS\System32\DRIVERS\psi_mf.sys        File exists
        ||||||        "PxHelp20" (PxHelp20)        "Sonic Solutions"
C:\WINDOWS\System32\Drivers\PxHelp20.sys        File exists
        ||||||        "Shockprf" (Shockprf)        "Lenovo."
C:\WINDOWS\System32\DRIVERS\Apsx86.sys        File exists
        ||||||        "SMI Helper Driver (smihlp)" (smihlp)        "UPEK Inc."
C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint
Software\Drivers\smihlp.sys        File exists
        ||||||        "TPPWRIF" (TPPWRIF)                C:\WINDOWS\System32\drivers\Tppwrif.sys
File found, but it contains no detailed information
        ||||||        "TSMAPIP" (TSMAPIP)                C:\WINDOWS\System32\drivers\TSMAPIP.SYS
File found, but it contains no detailed information
                      "TVT Packet Filter Service" (TVTPktFilter)       
C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys        File not found
        ||||||        "Virtual Serial port driver" (VComm)        "IVT Corporation"
C:\WINDOWS\System32\DRIVERS\VComm.sys        File exists
                      "WDICA" (WDICA)                C:\WINDOWS\system32\drivers\WDICA.sys        File
not found
        ||||||        "WLAN-Transport" (s24trans)        "Intel Corporation"
C:\WINDOWS\System32\DRIVERS\s24trans.sys        File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
        ||||||        {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath"        "Microsoft
Corporation"        c:\WINDOWS\system32\Rundll32.exe
c:\WINDOWS\system32\mscories.dll,Install        File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
        ||||||        {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"
"Adobe Systems, Inc."        C:\Programme\Gemeinsame
Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll        File exists
HKLM\Software\Classes\Protocols\Filter
        ||||||        {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter,
CorFltr, CorFltr 1"        "Microsoft Corporation"
C:\WINDOWS\system32\mscoree.dll        File exists
        ||||||        {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter,
CorFltr, CorFltr 1"        "Microsoft Corporation"
C:\WINDOWS\system32\mscoree.dll        File exists
        ||||||        {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter,
CorFltr, CorFltr 1"        "Microsoft Corporation"
C:\WINDOWS\system32\mscoree.dll        File exists
        ||||||        {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office
InfoPath XML Mime Filter"        "Microsoft Corporation"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
File exists
HKLM\Software\Classes\Protocols\Handler
        ||||||        {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class"
"Microsoft Corporation"        C:\Programme\Gemeinsame Dateien\Microsoft
Shared\Help\hxds.dll        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
        ||||||        {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell
Extension"        "Igor Pavlov"        C:\Programme\7-Zip\7-zip.dll        File exists
        ||||||        {472083B0-C522-11CF-8763-00608CC02F24} "avast"        "AVAST
Software"        C:\Programme\AVAST Software\Avast\ashShell.dll        File exists
        ||||||        {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung"
"Broadcom Corporation."        C:\WINDOWS\system32\btneighborhood.dll        File
exists
        ||||||        {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt
Class"        "Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\VISSHE.DLL        File exists
                      {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für
Anzeigeverschiebung"                        File not found | COM-object registry key not found
        ||||||        {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess"
"Sonic Solutions"        C:\WINDOWS\System32\DLA\DLASHX_W.DLL        File exists
        ||||||        {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"
"Microsoft Corporation"        c:\WINDOWS\system32\mscoree.dll        File exists
        ||||||        {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt
Class"        "Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\VISSHE.DLL        File exists
                      {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die
Verschlüsselung"                        File not found | COM-object registry key not found
        ||||||        {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML
Icon Handler"        "Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\msohevi.dll        File exists
        ||||||        {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office
Metadata Handler"        "Microsoft Corporation"        C:\Programme\Gemeinsame
Dateien\Microsoft Shared\OFFICE14\msoshext.dll        File exists
        ||||||        {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office
Thumbnail Handler"        "Microsoft Corporation"        C:\Programme\Gemeinsame
Dateien\Microsoft Shared\OFFICE14\msoshext.dll        File exists
        ||||||        {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote
Namespace Extension for Windows Desktop Search"        "Microsoft
Corporation"        C:\Programme\Microsoft Office\Office14\ONFILTER.DLL        File
exists
        ||||||        {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook"
"Microsoft Corporation"        C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL        File
exists
        ||||||        {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class"
"Broadcom Corporation."        C:\WINDOWS\system32\btncopy.dll        File exists
        ||||||        {0006F045-0000-0000-C000-000000000046} "Outlook File Icon
Extension"        "Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\OLKFSTUB.DLL        File exists
                      {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context
Menu Class"        "RealNetworks, Inc."
c:\programme\real\realplayer\rpshell.dll        File exists
                      {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for
Malware scanning"                        File not found | COM-object registry key not found
        ||||||        {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for
Application References"        "Microsoft Corporation"
c:\WINDOWS\system32\dfshim.dll        File exists
                      {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für
die Dateikomprimierung"                        File not found | COM-object registry key not
found
        ||||||        {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for
Application References"        "Microsoft Corporation"
c:\WINDOWS\system32\dfshim.dll        File exists
        ||||||        {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders"
"Microsoft Corporation"        C:\Programme\Gemeinsame Dateien\Microsoft
Shared\Web Folders\MSONSEXT.DLL        File exists
        ||||||        {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"        "Alexander
Roshal"        C:\Programme\WinRAR\rarext.dll        File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
                      ITBar7Height "ITBar7Height"                        File not found | COM-object
registry key not found
                      "ITBar7Layout"                        File not found | COM-object registry key not
found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
        ||            {2DAD3559-2923-4935-AD49-B673D2539944} "IASRunner Class"
hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
                C:\WINDOWS\Downloaded Program Files\acpir2.dll        File exists
        ||||          {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
"Sun Microsystems, Inc."
C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll        File exists
        ||||          {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
"Sun Microsystems, Inc."        C:\Programme\Java\jre6\bin\npjpi160_31.dll
File exists
        ||||          {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
"Sun Microsystems, Inc."        C:\Programme\Java\jre6\bin\npjpi160_31.dll
File exists
        ||||          {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
"Sun Microsystems, Inc."        C:\Programme\Java\jre6\bin\npjpi160_31.dll
File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
                      {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden"
"Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\ONBttnIE.dll        File exists
        ||||||        {609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker"
"Microsoft Corporation"        C:\WINDOWS\system32\mscoree.dll        File exists
        ||||||        {0FE81B52-73FA-425F-8F06-3F32451AC73F} "ClsidExtension"
"Lenovo Group Limited"        C:\Programme\Lenovo\Client Security
Solution\tvtpwm_ie_com.dll        File exists
        ||||||        {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte
&OneNote-Notizen"        "Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\ONBttnIELinkedNotes.dll        File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
        ||||||        "avast! WebRep"        "AVAST Software"        C:\Programme\AVAST
Software\Avast\aswWebRepIE.dll        File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
        ||||||        {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader"
"Adobe Systems Incorporated"        C:\Programme\Gemeinsame
Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll        File exists
        ||||||        {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep"        "AVAST
Software"        C:\Programme\AVAST Software\Avast\aswWebRepIE.dll        File exists
        ||||||        {F040E541-A427-4CF7-85D8-75E3E0F476C5} "CPwmIEBrowserHelper
Object"        "Lenovo Group Limited"        C:\Programme\Lenovo\Client Security
Solution\tvtpwm_ie_com.dll        File exists
        ||||||        {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess"
"Sonic Solutions"        C:\WINDOWS\System32\DLA\DLASHX_W.DLL        File exists
                      {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV
Helper"        "Oracle Corporation"        C:\Programme\Oracle\JavaFX 2.1
Runtime\bin\jp2ssv.dll        File exists
                      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV
Helper"        "Oracle Corporation"        C:\Programme\Oracle\JavaFX 2.1
Runtime\bin\ssv.dll        File exists
        ||||||        {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache
Handler"        "Microsoft Corporation"
C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL        File exists
                      {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and
Record Plugin for Internet Explorer"        "RealPlayer"        C:\Dokumente und
Einstellungen\All
Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
        File exists
        ||||||        {609D670F-B735-4da7-AC6D-F3BD358E325E}
"SwissAcademic.Citavi.Picker.IEPicker"        "Microsoft Corporation"
C:\WINDOWS\system32\mscoree.dll        File exists
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
        ||||||        "Notification packages"        "UPEK Inc."
C:\WINDOWS\system32\psqlpwd.dll        File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
        ||||          "Adobe Reader Synchronizer.lnk"        "Adobe Systems Incorporated"
C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe        Shortcut
exists | File exists
        ||||          "BlueSoleil.lnk"        "IVT Corporation"        C:\Programme\IVT
Corporation\BlueSoleil\BlueSoleil.exe        Shortcut exists | File exists
        ||||||        "desktop.ini"                C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\desktop.ini        File exists
        ||||          "HP Digital Imaging Monitor.lnk"        "Hewlett-Packard Co."
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe        Shortcut exists | File
exists
                      "Secunia PSI Tray.lnk"        "Secunia"
C:\Programme\Secunia\PSI\psi_tray.exe        Shortcut exists | File exists
        ||||          "BTTray.lnk"        "Broadcom Corporation."
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe        Shortcut exists |
File exists
%UserProfile%\Startmenü\Programme\Autostart
        ||||          "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
"Microsoft Corporation"        C:\Programme\Microsoft
Office\Office14\ONENOTEM.EXE        Shortcut exists | File exists
        ||||||        "desktop.ini"                C:\Dokumente und
Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        ||||          "ACTray"        "Lenovo "
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe        File exists
        ||||          "ACWLIcon"        "Lenovo "
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe        File exists
        ||||          "AMSG"        "LENOVO"        C:\Programme\ThinkVantage\AMSG\Amsg.exe
/startup        File exists
        ||||||        "avast"        "AVAST Software"        "C:\Programme\AVAST
Software\Avast\avastUI.exe" /nogui        File exists
        ||||          "AwaySch"        "Lenovo Group Limited"
C:\Programme\Lenovo\AwayTask\AwaySch.EXE        File exists
        ||||          "BLOG"                rundll32
C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog        File found, but
it contains no detailed information
        ||||||        "cssauth"        "Lenovo Group Limited"        "C:\Programme\Lenovo\Client
Security Solution\cssauth.exe" silent        File exists
        ||||          "DiskeeperSystray"        "Diskeeper Corporation"
"C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"        File exists
        ||||          "DLA"        "Sonic Solutions"
C:\WINDOWS\System32\DLA\DLACTRLW.EXE        File exists
        ||||          "EZEJMNAP"        "Lenovo Group Ltd."
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe        File exists
        ||||          "HP Software Update"        "Hewlett-Packard"        C:\Programme\HP\HP
Software Update\HPWuSchd2.exe        File exists
        ||||          "ISUSPM Startup"        "InstallShield Software Corporation"
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup        File exists
        ||||          "ISUSScheduler"        "InstallShield Software Corporation"
"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe"
-start        File exists
        ||||          "LenovoAutoScrollUtility"        "Lenovo Group Limited"
C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe        File exists
        ||||          "LPManager"        "Lenovo Group Limited"
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe        File exists
        ||||          "PWRMGRTR"        "Lenovo Group Limited"        rundll32
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor        File exists
                      "Reader Application Helper"        "Sony Corporation"
C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe        File exists
        ||||          "SoundMAXPnP"        "Analog Devices, Inc."        C:\Programme\Analog
Devices\Core\smax4pnp.exe        File exists
        ||||          "SunJavaUpdateSched"        "Sun Microsystems, Inc."
"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"        File exists
                      "TkBellExe"        "RealNetworks, Inc."
"c:\programme\real\realplayer\update\realsched.exe" -osboot        File exists
        ||||          "TPFNF7"        "Lenovo Group Limited"
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r        File exists
        ||||||        "TpShocks"        "Lenovo."        TpShocks.exe        File exists
        ||||          "TVT Scheduler Proxy"        "Lenovo Group Limited"
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
        ||||||        "Bluetooth-Druckeranschluss"        "Broadcom Corporation."
C:\WINDOWS\system32\bthcrp.dll        File exists
        ||||||        "HP Standard TCP/IP Port"        "Hewlett Packard"
C:\WINDOWS\system32\HpTcpMon.dll        File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
        ||||||        ".NET Runtime Optimization Service v2.0.50727_X86"
(clr_optimization_v2.0.50727_32)        "Microsoft Corporation"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe        File exists
        ||||||        "Ac Profile Manager Service" (AcPrfMgrSvc)        "Lenovo "
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe        File exists
        ||||||        "Access Connections Main Service" (AcSvc)        "Lenovo "
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe        File exists
        ||||||        "Anzeige am Bildschirm" (TPHKSVC)        "Lenovo Group Limited"
C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe        File exists
        ||||||        "ASP.NET-Zustandsdienst" (aspnet_state)        "Microsoft
Corporation"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe        File exists
        ||||||        "avast! Antivirus" (avast! Antivirus)        "AVAST Software"
C:\Programme\AVAST Software\Avast\AvastSvc.exe        File exists
        ||||||        "BlueSoleil Hid Service" (BlueSoleil Hid Service)       
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe        File found, but
it contains no detailed information
        ||||||        "Bluetooth Service" (btwdins)        "Broadcom Corporation."
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe        File exists
        ||||||        "Diskeeper" (Diskeeper)        "Diskeeper Corporation"
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe        File exists
        ||||          "Google Update-Dienst (gupdate)" (gupdate)        "Google Inc."
C:\Programme\Google\Update\GoogleUpdate.exe        File exists
        ||||          "Google Update-Dienst (gupdatem)" (gupdatem)        "Google Inc."
C:\Programme\Google\Update\GoogleUpdate.exe        File exists
        ||||          "Google Updater Service" (gusvc)        "Google"
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe        File
exists
        ||||          "InstallDriver Table Manager" (IDriverT)        "Macrovision
Corporation"        C:\Programme\Gemeinsame
Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe        File exists
        ||||||        "Intel(R) PROSet/Wireless Event Log" (EvtEng)        "Intel
Corporation"        C:\Programme\Intel\Wireless\Bin\EvtEng.exe        File exists
        ||||||        "Intel(R) PROSet/Wireless Registry Service" (RegSrvc)        "Intel
Corporation"        C:\Programme\Intel\Wireless\Bin\RegSrvc.exe        File exists
        ||||||        "Intel(R) PROSet/Wireless Service" (S24EventMonitor)        "Intel
Corporation "        C:\Programme\Intel\Wireless\Bin\S24EvMon.exe        File exists
        ||||||        "IPS-Basisservice" (IPSSVC)        "Lenovo Group Limited"
C:\WINDOWS\system32\IPSSVC.EXE        File exists
        ||||||        "IviRegMgr" (IviRegMgr)        "InterVideo"        C:\Programme\Gemeinsame
Dateien\InterVideo\RegMgr\iviRegMgr.exe        File exists
                      "Java Quick Starter" (JavaQuickStarterService)        "Oracle
Corporation"        C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe        File
exists
        ||||||        "Lenovo Hotkey Client Loader" (TPHKLOAD)        "Lenovo Group
Limited"        C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe        File exists
        ||||||        "Lenovo Microphone Mute" (LENOVO.MICMUTE)        "Lenovo Group
Limited"        C:\Programme\LENOVO\HOTKEY\MICMUTE.exe        File exists
                      "MBAMScheduler" (MBAMScheduler)        "Malwarebytes Corporation"
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe        File exists
                      "MBAMService" (MBAMService)        "Malwarebytes Corporation"
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe        File exists
                      "Mozilla Maintenance Service" (MozillaMaintenance)        "Mozilla
Foundation"        C:\Programme\Mozilla Maintenance
Service\maintenanceservice.exe        File exists
        ||||||        "Office Source Engine" (ose)        "Microsoft Corporation"
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
File exists
        ||||||        "Office Software Protection Platform" (osppsvc)        "Microsoft
Corporation"        C:\Programme\Gemeinsame Dateien\Microsoft
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE        File exists
        ||||||        "Pml Driver HPZ12" (Pml Driver HPZ12)        "HP"
C:\WINDOWS\system32\HPZipm12.exe        File exists
                      "Secunia PSI Agent" (Secunia PSI Agent)        "Secunia"
C:\Programme\Secunia\PSI\PSIA.exe        File exists
                      "Secunia Update Agent" (Secunia Update Agent)        "Secunia"
C:\Programme\Secunia\PSI\sua.exe        File exists
        ||||||        "Sony SCSI Helper Service" (Sony SCSI Helper Service)        "Sony
Corporation"        C:\Programme\Gemeinsame Dateien\Sony
Shared\Fsk\SonySCSIHelperService.exe        File exists
        ||||||        "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ)        "Microsoft
Corporation"        c:\Programme\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\sqlservr.exe        File exists
        ||||||        "SQL Server VSS Writer" (SQLWriter)        "Microsoft Corporation"
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe        File exists
        ||||||        "SQL Server-Browser" (SQLBrowser)        "Microsoft Corporation"
c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe        File exists
        ||||||        "SQL Server-Startdienst für Business Contact Manager"
(BcmSqlStartupSvc)        "Microsoft Corporation"        C:\Programme\Microsoft
Small Business\Business Contact Manager\BcmSqlStartupSvc.exe        File exists
                      "System Update" (SUService)        "Lenovo Group Limited"
c:\programme\lenovo\system update\suservice.exe        File exists
        ||||||        "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC)        "Lenovo."
C:\WINDOWS\System32\TPHDEXLG.exe        File exists
        ||||||        "ThinkVantage Registry Monitor Service" (ThinkVantage Registry
Monitor Service)        "Lenovo Group Limited"        C:\Programme\Gemeinsame
Dateien\Lenovo\tvt_reg_monitor_svc.exe        File exists
        ||||||        "TSS Core Service" (TSSCoreService)        "IBM"
C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe        File exists
        ||||||        "TVT Backup Protection Service" (TVT Backup Protection
Service)                C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe        File
exists
        ||||||        "TVT Backup Service" (TVT Backup Service)        "Lenovo Group
Limited"        C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe        File
exists
        ||||||        "TVT Scheduler" (TVT Scheduler)        "Lenovo Group Limited"
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe        File exists
        ||||||        "tvtnetwk" (tvtnetwk)                C:\Programme\Lenovo\Rescue and
Recovery\ADM\IUService.exe        File found, but it contains no detailed
information
        ||||||        "Windows CardSpace" (idsvc)        "Microsoft Corporation"
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\infocard.exe        File exists
        ||||          "Windows Media Connect-Dienst" (WMConnectCDS)        "Microsoft
Corporation"        C:\Programme\Windows Media Connect 2\wmccds.exe        File exists
        ||||||        "Windows Presentation Foundation Font Cache 3.0.0.0"
(FontCache3.0.0.0)        "Microsoft Corporation"
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
File exists
Winlogon
HKCU\Control Panel\Desktop
                      "SCRNSAVE.EXE"        "Google Inc."
C:\WINDOWS\system32\GPhotos.scr        File exists
HKCU\Control Panel\IOProcs
                      "MVB"                mvfs32.dll        File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
        ||||||        "psfus"        "UPEK Inc."        C:\WINDOWS\system32\psqlpwd.dll        File exists
        ||||          "WgaLogon"        "Microsoft Corporation"
C:\WINDOWS\system32\WgaLogon.dll        File exists

If You have questions or want to get some help, You can visit
hxxp://forum.online-solutions.ru

und ASWmbr:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 17:46:08
-----------------------------
17:46:08.512    OS Version: Windows 5.1.2600 Service Pack 3
17:46:08.512    Number of processors: 2 586 0xE08
17:46:08.512    ComputerName: LENOVO-6E136213  UserName: Administrator
17:46:11.168    Initialize success
17:46:23.324    AVAST engine defs: 12092500
17:46:29.699    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:29.699    Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
17:46:29.746    Disk 0 MBR read successfully
17:46:29.746    Disk 0 MBR scan
17:46:29.996    Disk 0 unknown MBR code
17:46:30.012    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        69619 MB offset 63
17:46:30.090    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    6696 MB offset 142581600
17:46:30.152    Disk 0 scanning sectors +156295440
17:46:30.418    Disk 0 scanning C:\WINDOWS\system32\drivers
17:47:53.543    Service scanning
17:49:25.496    Modules scanning
17:50:15.809    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
17:50:22.840    Disk 0 trace - called modules:
17:50:22.871    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
17:50:22.871    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b2bab8]
17:50:22.871    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b2f1b8]
17:50:22.871    5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b5fd98]
17:50:26.293    AVAST engine scan C:\WINDOWS
17:51:06.637    AVAST engine scan C:\WINDOWS\system32
18:05:24.324    AVAST engine scan C:\WINDOWS\system32\drivers
18:06:40.902    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
18:16:36.949    AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:17:51.887    Scan finished successfully
18:33:18.871    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
18:33:18.918    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 2012-09-25.txt"


cosinus 26.09.2012 11:37

Ja das ist ok, bitte nur die nicht passenden als Anhang. Aber nur wenn sie sich übere viele Beiträge erstrecken, ansonsten das Log zB in drei Teile aufsplitten und auch dann über drei Postings jew. Teil für Teil in CODE-Tags posten

Kalinewirsch 27.09.2012 19:22

Hallo Cosinus,
geht es nun irgendwie weiter?
Ist alles wieder ok?
Danke für Info bzw. weitere Hilfe

cosinus 27.09.2012 20:51

Sry, ich dachte ich hätte die Anweisung gepostet, naja da hab ich mich geirrt

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Kalinewirsch 28.09.2012 21:26

MBR fix war sehr schnell beendet. Kann das richtig sein?

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 20:26:20
-----------------------------
20:26:20.796    OS Version: Windows 5.1.2600 Service Pack 3
20:26:20.796    Number of processors: 2 586 0xE08
20:26:20.796    ComputerName: LENOVO-6E136213  UserName: Administrator
20:26:22.765    Initialize success
20:26:23.125    AVAST engine defs: 12092700
20:26:27.453    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:26:27.453    Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
20:26:27.484    Disk 0 MBR read successfully
20:26:27.484    Disk 0 MBR scan
20:26:27.500    Disk 0 Windows XP default MBR code
20:26:27.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        69619 MB offset 63
20:26:27.531    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    6696 MB offset 142581600
20:26:27.546    Disk 0 scanning sectors +156295440
20:26:27.687    Disk 0 scanning C:\WINDOWS\system32\drivers
20:27:03.062    Service scanning
20:28:25.578    Modules scanning
20:28:53.578    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
20:28:59.656    Disk 0 trace - called modules:
20:28:59.687    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:28:59.687    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b05978]
20:28:59.687    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b3e9e8]
20:28:59.703    5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b3fd98]
20:29:01.406    AVAST engine scan C:\WINDOWS
20:29:28.562    AVAST engine scan C:\WINDOWS\system32
20:40:16.265    AVAST engine scan C:\WINDOWS\system32\drivers
20:40:59.796    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
20:48:52.890    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:51:33.468    Scan finished successfully
20:57:59.437    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:57:59.734    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 12-09-28.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 21:52:40
-----------------------------
21:52:40.609    OS Version: Windows 5.1.2600 Service Pack 3
21:52:40.609    Number of processors: 2 586 0xE08
21:52:40.609    ComputerName: LENOVO-6E136213  UserName: Administrator
21:52:42.390    Initialize success
21:52:42.578    AVAST engine defs: 12092800
21:52:45.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:52:45.515    Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
21:52:45.546    Disk 0 MBR read successfully
21:52:45.546    Disk 0 MBR scan
21:52:45.546    Disk 0 Windows XP default MBR code
21:52:45.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        69619 MB offset 63
21:52:45.625    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    6696 MB offset 142581600
21:52:45.718    Disk 0 scanning sectors +156295440
21:52:45.984    Disk 0 scanning C:\WINDOWS\system32\drivers
21:53:21.187    Service scanning
21:54:41.671    Modules scanning
21:55:11.484    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
21:55:15.265    Disk 0 trace - called modules:
21:55:15.296    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:55:15.296    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b0eab8]
21:55:15.296    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b1c9e8]
21:55:15.296    5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b3a940]
21:55:16.953    AVAST engine scan C:\WINDOWS
21:55:35.734    AVAST engine scan C:\WINDOWS\system32
22:05:19.953    AVAST engine scan C:\WINDOWS\system32\drivers
22:06:04.500    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
22:14:00.343    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:15:06.234    Scan finished successfully
22:19:52.390    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
22:19:52.406    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 12-09-28.txt"


cosinus 28.09.2012 21:33

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Kalinewirsch 29.09.2012 20:14

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/29/2012 at 09:03 PM

Application Version : 5.5.1022

Core Rules Database Version : 9316
Trace Rules Database Version: 7128

Scan type      : Quick Scan
Total Scan Time : 00:26:53

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 734
Memory threats detected  : 0
Registry items scanned    : 29473
Registry threats detected : 0
File items scanned        : 7185
File threats detected    : 157

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adviva[1].txt [ /adviva ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@specificclick[1].txt [ /specificclick ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\U6BTNIDW.txt [ /atdmt.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PDBAIZPR.txt [ /apmebf.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\MPTQTUX4.txt [ /ru4.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3PNSGPI9.txt [ /tracking.quisma.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D80UFMFD.txt [ /clicks.coolsearchnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\RN9SFSAG.txt [ /ads4adult.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q0QO4LS4.txt [ /youporn.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\LJYOJMUJ.txt [ /ad1.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0S442Y4F.txt [ /ads.creative-serving.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\GHYLT493.txt [ /ads.lzjl.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\N5J8PAOP.txt [ /ad3.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PJAVIQX1.txt [ /mediaplex.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\V35KKHHQ.txt [ /media.neodau.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\ODVE8FW6.txt [ /s2.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\KL8KN89M.txt [ /ox-d.enveromedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\45E320SU.txt [ /myroitracking.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UH45GI8S.txt [ /de.sitestat.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\QLO65I81.txt [ /media6degrees.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FDLFDD4L.txt [ /ad.zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\A401ZHY7.txt [ /ad.yieldmanager.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2NTETT0O.txt [ /revsci.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\H866WA86.txt [ /ad4.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UBZ2UDB4.txt [ /goclicker.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TKQTGTLQ.txt [ /eas.apm.emediate.eu ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2MQGPCGO.txt [ /ad.zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\LK7R9XWI.txt [ /tracking.quisma.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\XHVQRLJQ.txt [ /atdmt.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\N2L53XVS.txt [ /invitemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2TPA5NZ8.txt [ /2o7.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\M1D657MS.txt [ /serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\31RXPRVH.txt [ /ad.ad-srv.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UT6716SS.txt [ /ads.pixfuture.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I6VFZ4CV.txt [ /s4.mediaadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UAAK1HH5.txt [ /ad.adition.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\53PEHWEM.txt [ /doubleclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\MZ0IDV5Y.txt [ /eclickz.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\X7WRXUC3.txt [ /avatraffic.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TI2G4L5P.txt [ /lucidmedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D9HTYI3L.txt [ /adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\6EH6TBMI.txt [ /bs.serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\X8SH4SFD.txt [ /adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\9VX14NOC.txt [ /ads.ghettvocab.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q7GUVBIJ.txt [ /imrworldwide.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\H9ANL5C0.txt [ /ad.jokeroo.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UFL8K8QN.txt [ /ad.360yield.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FS3HW6Q5.txt [ /ox-d.matchflowmedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AW2WHMV2.txt [ /68378.findfastnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3IY9C0XN.txt [ /ad.dyntracker.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\P0F9A5S1.txt [ /eas.apm.emediate.eu ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\IMMX3Z4S.txt [ /harrenmedianetwork.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PDA2FGP4.txt [ /search.eclickz.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\103ZTPP5.txt [ /click.expandsearchanswers.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\YW8JEV8J.txt [ /at.atwola.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AUP8A36A.txt [ /histats.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I634L1R7.txt [ /doubleclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0EV1E3W7.txt [ /adbrite.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\5Z5UW5H9.txt [ /s4.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\P0SH0JU9.txt [ /adjuggler.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\93GKU3PU.txt [ /tradedoubler.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\02NWCPWV.txt [ /aim4media.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I0XVH67H.txt [ /dyntracker.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\WR792IIK.txt [ /www.enveromedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\S1L4LRN7.txt [ /serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2KEGYFE2.txt [ /yieldmanager.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AX39D3ND.txt [ /apmebf.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AS471T92.txt [ /fastclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TLDZ03I7.txt [ /zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\4R8ZWTO2.txt [ /ad2.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\306NV3YK.txt [ /ads2.247activemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2QNM2M73.txt [ /zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\IX9LBTRM.txt [ /mediaplex.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\M37DGLAW.txt [ /casalemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\8SSFT9O3.txt [ /www.zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\S1SS6ZXZ.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\DFBY92R3.txt [ /adserver.adtechus.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D0G2QK0R.txt [ /s3.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JBAOXKFN.txt [ /ad1.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\GVHD2TFD.txt [ /tracking982.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\W1O8I02M.txt [ /ads.us.e-planning.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JIJU1QB5.txt [ /statcounter.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\8NQU79M8.txt [ /tribalfusion.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q45KLI32.txt [ /zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\BLXKTAHU.txt [ /ad.yieldmanager.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\00CNUUTZ.txt [ /s3.mediaadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\SZHVMNR7.txt [ /ads.fulltraffic.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\XFXCE9NO.txt [ /adtech.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\CUML1EF1.txt [ /www.ads4adult.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\RJ571AXY.txt [ /unitymedia.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3K8X0LXR.txt [ /clicksor.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JK4LKU9Z.txt [ /ad.adc-serv.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\37VHFXOV.txt [ /histats.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Y5KIMG2O.txt [ /webmasterplan.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FJJ2B34Z.txt [ /track.adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\G4TZTUYT.txt [ /advertising.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TN2GYU9H.txt [ /smartadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\YO287UJT.txt [ /click.get-answers-fast.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\1LN93QIH.txt [ /server.adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\W22DZMKK.txt [ /track.right-ads.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\SIV3X15U.txt [ /adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UQ6KSREI.txt [ /adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\5EC4YN2L.txt [ /imrworldwide.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\91TQW14U.txt [ /traffictrack.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\E2VX92HK.txt [ /ads.adoptimized.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\NGYVV3T6.txt [ /filter.vespymedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\CG7ZGKSN.txt [ /findfastnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0AZ77MTE.txt [ /kontera.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\J8I4NDB8.txt [ /trafficengine.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\O6GS750W.txt [ /test.sem-tracking-analytics.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\7LX2FRJQ.txt [ /xml.trafficengine.net ]
        .libri.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .sonyeurope.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnmyggajeho.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .toplist.cz [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjloqgcjghp.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .cheaptickets.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        server.iad.liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.counter.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .opodo.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]

Die scans
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LENOVO-6E136213 [Administrator]

29.09.2012 19:38:20
mbam-log-2012-09-29 (19-38-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195290
Laufzeit: 28 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 01.10.2012 12:10

Warum machst du nur Quickscan, ich hab doch extra mit roter Fettschrift Vollscans hervorgehoben :(

Kalinewirsch 03.10.2012 12:41

zuviel rot ...
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LENOVO-6E136213 [Administrator]

03.10.2012 09:08:41
mbam-log-2012-10-03 (09-08-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267207
Laufzeit: 3 Stunde(n), 31 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 03.10.2012 19:18

Mit sasw hast du auch nur einen Quickscan gemacht!

Kalinewirsch 03.10.2012 21:25

Ist erst jetzt fertig:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/03/2012 at 10:00 PM

Application Version : 5.5.1022

Core Rules Database Version : 9331
Trace Rules Database Version: 7143

Scan type      : Complete Scan
Total Scan Time : 06:23:55

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 717
Memory threats detected  : 0
Registry items scanned    : 36414
Registry threats detected : 0
File items scanned        : 76446
File threats detected    : 161

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adviva[1].txt [ /adviva ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@specificclick[1].txt [ /specificclick ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\U6BTNIDW.txt [ /atdmt.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PDBAIZPR.txt [ /apmebf.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\MPTQTUX4.txt [ /ru4.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3PNSGPI9.txt [ /tracking.quisma.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D80UFMFD.txt [ /clicks.coolsearchnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\RN9SFSAG.txt [ /ads4adult.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q0QO4LS4.txt [ /youporn.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\LJYOJMUJ.txt [ /ad1.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0S442Y4F.txt [ /ads.creative-serving.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\GHYLT493.txt [ /ads.lzjl.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\N5J8PAOP.txt [ /ad3.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PJAVIQX1.txt [ /mediaplex.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\V35KKHHQ.txt [ /media.neodau.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\ODVE8FW6.txt [ /s2.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\KL8KN89M.txt [ /ox-d.enveromedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\45E320SU.txt [ /myroitracking.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UH45GI8S.txt [ /de.sitestat.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\QLO65I81.txt [ /media6degrees.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FDLFDD4L.txt [ /ad.zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\A401ZHY7.txt [ /ad.yieldmanager.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2NTETT0O.txt [ /revsci.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\H866WA86.txt [ /ad4.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UBZ2UDB4.txt [ /goclicker.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TKQTGTLQ.txt [ /eas.apm.emediate.eu ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2MQGPCGO.txt [ /ad.zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\LK7R9XWI.txt [ /tracking.quisma.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\XHVQRLJQ.txt [ /atdmt.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\N2L53XVS.txt [ /invitemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2TPA5NZ8.txt [ /2o7.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\M1D657MS.txt [ /serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\31RXPRVH.txt [ /ad.ad-srv.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UT6716SS.txt [ /ads.pixfuture.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I6VFZ4CV.txt [ /s4.mediaadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UAAK1HH5.txt [ /ad.adition.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\53PEHWEM.txt [ /doubleclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\MZ0IDV5Y.txt [ /eclickz.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\X7WRXUC3.txt [ /avatraffic.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TI2G4L5P.txt [ /lucidmedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D9HTYI3L.txt [ /adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\6EH6TBMI.txt [ /bs.serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\X8SH4SFD.txt [ /adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\9VX14NOC.txt [ /ads.ghettvocab.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q7GUVBIJ.txt [ /imrworldwide.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\H9ANL5C0.txt [ /ad.jokeroo.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UFL8K8QN.txt [ /ad.360yield.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FS3HW6Q5.txt [ /ox-d.matchflowmedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AW2WHMV2.txt [ /68378.findfastnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3IY9C0XN.txt [ /ad.dyntracker.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\P0F9A5S1.txt [ /eas.apm.emediate.eu ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\IMMX3Z4S.txt [ /harrenmedianetwork.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\PDA2FGP4.txt [ /search.eclickz.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\103ZTPP5.txt [ /click.expandsearchanswers.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\YW8JEV8J.txt [ /at.atwola.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AUP8A36A.txt [ /histats.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I634L1R7.txt [ /doubleclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0EV1E3W7.txt [ /adbrite.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\5Z5UW5H9.txt [ /s4.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\P0SH0JU9.txt [ /adjuggler.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\93GKU3PU.txt [ /tradedoubler.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\02NWCPWV.txt [ /aim4media.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\I0XVH67H.txt [ /dyntracker.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\WR792IIK.txt [ /www.enveromedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\S1L4LRN7.txt [ /serving-sys.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2KEGYFE2.txt [ /yieldmanager.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AX39D3ND.txt [ /apmebf.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\AS471T92.txt [ /fastclick.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TLDZ03I7.txt [ /zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\4R8ZWTO2.txt [ /ad2.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\306NV3YK.txt [ /ads2.247activemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\2QNM2M73.txt [ /zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\IX9LBTRM.txt [ /mediaplex.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\M37DGLAW.txt [ /casalemedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\8SSFT9O3.txt [ /www.zanox-affiliate.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\S1SS6ZXZ.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\DFBY92R3.txt [ /adserver.adtechus.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\D0G2QK0R.txt [ /s3.trafficno.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JBAOXKFN.txt [ /ad1.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\GVHD2TFD.txt [ /tracking982.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\W1O8I02M.txt [ /ads.us.e-planning.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JIJU1QB5.txt [ /statcounter.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\8NQU79M8.txt [ /tribalfusion.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Q45KLI32.txt [ /zanox.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\BLXKTAHU.txt [ /ad.yieldmanager.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\00CNUUTZ.txt [ /s3.mediaadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\SZHVMNR7.txt [ /ads.fulltraffic.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\XFXCE9NO.txt [ /adtech.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\CUML1EF1.txt [ /www.ads4adult.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\RJ571AXY.txt [ /unitymedia.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\3K8X0LXR.txt [ /clicksor.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\JK4LKU9Z.txt [ /ad.adc-serv.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\37VHFXOV.txt [ /histats.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\Y5KIMG2O.txt [ /webmasterplan.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\FJJ2B34Z.txt [ /track.adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\G4TZTUYT.txt [ /advertising.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\TN2GYU9H.txt [ /smartadserver.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\YO287UJT.txt [ /click.get-answers-fast.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\1LN93QIH.txt [ /server.adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\W22DZMKK.txt [ /track.right-ads.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\SIV3X15U.txt [ /adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\UQ6KSREI.txt [ /adform.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\5EC4YN2L.txt [ /imrworldwide.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\91TQW14U.txt [ /traffictrack.de ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\E2VX92HK.txt [ /ads.adoptimized.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\NGYVV3T6.txt [ /filter.vespymedia.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\CG7ZGKSN.txt [ /findfastnow.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\0AZ77MTE.txt [ /kontera.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\J8I4NDB8.txt [ /trafficengine.net ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\O6GS750W.txt [ /test.sem-tracking-analytics.com ]
        C:\Dokumente und Einstellungen\Administrator\Cookies\7LX2FRJQ.txt [ /xml.trafficengine.net ]
        .libri.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .sonyeurope.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnmyggajeho.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .toplist.cz [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjloqgcjghp.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .cheaptickets.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        server.iad.liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.counter.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .opodo.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Nullo[Short]
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP114\A0039127.EXE
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP114\A0039128.EXE
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP116\A0043517.EXE
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP116\A0043518.EXE


cosinus 04.10.2012 09:08

Wenn überhaupt nur Überreste in Wiederherstellungspunkten, aber sasw ist recht fehlalarmlastig, lass die Funde so

Ansonsten nur Cookies, kann weg

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Kalinewirsch 04.10.2012 20:26

Vielen Dank für die geduldige Hilfe.
Ich habe keine Probleme mehr bemerkt. Das Avira habe ich gegen Avast ausgewechselt.
Vielen Dank auch für die Infos zum Thema Cookies ich habe zunächst mal die Einstellung in FF verändert die empfohlenen Seiten schaue ich mir noch an.
Schöne Grüße
kalinewirsch

Vielen Dank für die geduldige Hilfe.
Ich habe keine Probleme mehr bemerkt. Das Avira habe ich gegen Avast ausgewechselt.
Vielen Dank auch für die Infos zum Thema Cookies ich habe zunächst mal die Einstellung in FF verändert die empfohlenen Seiten schaue ich mir noch an.
Schöne Grüße
kalinewirsch

cosinus 05.10.2012 11:04

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:00 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132