Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Kryptik und andere UNDINGER auf meinem nun leeren Rechner...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.01.2012, 15:57   #1
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Icon27

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Halli Hallo liebes Forum,

nachdem eine wohl nette Trojaner-Software getarnt als ANTI-VIRUS Software meinemComputerwohl den Rest gegeben hat, wende ich mich hilfesuchend an euch.

C ist leer... Zumindestens offensichtlich, alle Dateien sind versteckt, Start ist leer, Bildschirm ist blau (nachdem er mal schwarz war) imHintergrund...

ICh denke, da läuft die Pest auf meinem Rechner. SpyBot&Destroy hat ein paar sachen gefunden und auch beseitigt, aber es ist immer noch so, wie vorher. Microsoft security essentials meckert immer noch.

hier Hijack-File:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:43:24, on 27.01.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
C:\QSTART.SYS\config\DVMExportService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\USB Camera\VM331_STI.EXE
C:\Programme\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lexmark 1200 Series\lxczbmgr.exe
C:\Programme\Lexmark 1200 Series\lxczbmon.exe
C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\Lenovo\System Update\SUService.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Apoint2K\ApMsgFwd.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =  127.0.0.1;*.local
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programme\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.lenovo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11562 bytes
         

eset logfile:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f17ca1ad8065e049afc24c37e119ae26
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 11:28:35
# local_time=2012-01-27 12:28:35 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 16033 36152151 0 0
# compatibility_mode=8192 67108863 100 0 3781 3781 0 0
# scanned=59080
# found=3
# cleaned=0
# scan_time=9583
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UHUteKeMQKxWUoQ.exe	a variant of Win32/Kryptik.ZMQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\yre2SQ72VWK650.exe	a variant of Win32/Kryptik.ZMQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\System Volume Information\_restore{41490380-0DA4-4E9A-8680-224945C69265}\RP612\A0196551.exe	Win32/SoftonicDownloader.C application (unable to clean)	00000000000000000000000000000000	I
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f17ca1ad8065e049afc24c37e119ae26
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-27 01:19:12
# local_time=2012-01-27 02:19:12 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 3792 36163076 0 0
# compatibility_mode=8192 67108863 100 0 14706 14706 0 0
# scanned=44868
# found=1
# cleaned=1
# scan_time=5295
C:\System Volume Information\_restore{41490380-0DA4-4E9A-8680-224945C69265}\RP612\A0196551.exe	Win32/SoftonicDownloader.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
         


HILFE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!





Sarah

Alt 27.01.2012, 15:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Bitte keine Hijackthis-Log posten!
Und die Logs von Spybot und MSE müsste ich mal sehen.

Mach mal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 27.01.2012, 16:25   #3
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Icon27

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Spybot alle die ich habe...

Code:
ATTFilter
27.01.2012 00:51:46 - ##### check started #####
27.01.2012 00:51:46 - ### Version: 1.6.2
27.01.2012 00:51:46 - ### Date: 27.01.2012 00:51:46
27.01.2012 00:51:52 - ##### checking bots #####
27.01.2012 00:54:04 - found: Babylon.Toolbar Einstellungen 
27.01.2012 00:54:04 - found: Babylon.Toolbar Einstellungen 
27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 
27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 
27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 
27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 
27.01.2012 00:54:05 - found: Babylon.Toolbar Einstellungen 
27.01.2012 00:54:05 - found: Babylon.Toolbar IE Suchseite 
27.01.2012 00:54:05 - found: Babylon.Toolbar IE Suchseite 
27.01.2012 01:56:25 - ##### check finished #####
         
Code:
ATTFilter
--- Report generated: 2012-01-27 01:56 ---

Babylon.Toolbar: [SBI $3BE29F71] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $AA4747ED] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_CLASSES_ROOT\AppID\escort.DLL

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $5FA838EA] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, nothing done)
  HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, nothing done)
  HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2010-04-22 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 SDShred.exe (1.0.2.5)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-11-04 advcheck.dll (1.6.5.20)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-01-16 Includes\Adware.sbi (*)
2011-09-28 Includes\Trojans.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2012-01-24 Includes\KeyloggersC.sbi (*)
2012-01-24 Includes\MalwareC.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2012-01-16 Includes\TrojansC-02.sbi (*)
2012-01-24 Includes\TrojansC-03.sbi (*)
2012-01-25 Includes\TrojansC-04.sbi (*)
2012-01-24 Includes\TrojansC-05.sbi (*)
2012-01-17 Includes\TrojansC.sbi (*)
2012-01-17 Includes\AdwareC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
         
Code:
ATTFilter
--- Report generated: 2012-01-27 08:00 ---


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2010-04-22 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 SDShred.exe (1.0.2.5)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-11-04 advcheck.dll (1.6.5.20)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-01-16 Includes\Adware.sbi (*)
2011-09-28 Includes\Trojans.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2012-01-24 Includes\KeyloggersC.sbi (*)
2012-01-24 Includes\MalwareC.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2012-01-16 Includes\TrojansC-02.sbi (*)
2012-01-24 Includes\TrojansC-03.sbi (*)
2012-01-25 Includes\TrojansC-04.sbi (*)
2012-01-24 Includes\TrojansC-05.sbi (*)
2012-01-17 Includes\TrojansC.sbi (*)
2012-01-17 Includes\AdwareC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
         
Code:
ATTFilter
--- Report generated: 2012-01-27 07:04 ---

Babylon.Toolbar: [SBI $3BE29F71] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $AA4747ED] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_CLASSES_ROOT\AppID\escort.DLL

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $5FA838EA] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, fixed)
  HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, fixed)
  HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2010-04-22 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
         
__________________

Alt 27.01.2012, 17:29   #4
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.27.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Sarah :: IDEAPAD-S12 [Administrator]

Schutz: Aktiviert

27.01.2012 16:05:33
mbam-log-2012-01-27 (17-28-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207436
Laufzeit: 1 Stunde(n), 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 27.01.2012, 20:20   #5
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Icon35

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



War das falsch???


Alt 27.01.2012, 22:04   #6
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Daumen hoch

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Ich mach echt alles...

OTL

Code:
ATTFilter
OTL logfile created on: 27.01.2012 21:37:14 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free
2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32
Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS
 
Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,228,520 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE
PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll
MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1;*.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
O1 HOSTS File: ([2012.01.26 23:55:34 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack
[2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis
[2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.01.27 07:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.014
[2012.01.27 00:39:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent
[2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.26 09:45:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013
[2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails
[2012.01.17 16:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT
[2012.01.11 10:46:48 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:34:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.27 21:30:18 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.27 21:29:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 21:20:44 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.01.27 21:20:04 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.27 21:19:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.27 16:03:58 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 22:07:30 | 000,001,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2012.01.08 08:01:22 | 000,535,426 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.08 08:01:22 | 000,483,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.08 08:01:22 | 000,115,726 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.08 08:01:22 | 000,087,090 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 00:57:30 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2012.01.26 22:07:28 | 000,001,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010.07.05 11:10:46 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe
[2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll
[2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll
[2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== LOP Check ==========
 
[2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit
[2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search
[2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit
[2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc
[2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg
[2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO
[2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools
[2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software
[2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi
[2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.16 11:56:58 | 000,000,000 | -H-D | M] -- C:\dvmexp
[2008.07.03 00:45:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2008.07.03 01:34:44 | 000,000,000 | -H-D | M] -- C:\DRIVER
[2008.07.03 00:45:30 | 000,000,000 | RH-D | M] -- C:\Programme
[2008.07.03 02:32:20 | 000,000,000 | -H-D | M] -- C:\UPDATE
[2008.07.03 01:08:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS
[2010.10.22 07:14:22 | 000,000,000 | -HSD | M] -- C:\FOUND.000
[2009.06.21 15:43:08 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.03.22 12:22:54 | 000,000,000 | -HSD | M] -- C:\FOUND.004
[2010.11.25 16:41:14 | 000,000,000 | -HSD | M] -- C:\FOUND.002
[2011.04.11 13:08:24 | 000,000,000 | -HSD | M] -- C:\FOUND.003
[2011.01.18 20:38:02 | 000,000,000 | -HSD | M] -- C:\FOUND.001
[2011.09.06 23:00:00 | 000,000,000 | -HSD | M] -- C:\FOUND.006
[2011.09.13 06:50:04 | 000,000,000 | -HSD | M] -- C:\FOUND.007
[2010.07.05 11:09:32 | 000,000,000 | -H-D | M] -- C:\Lexmark
[2011.05.12 14:24:44 | 000,000,000 | -HSD | M] -- C:\FOUND.005
[2011.10.12 19:27:48 | 000,000,000 | -HSD | M] -- C:\FOUND.008
[2011.11.11 15:59:02 | 000,000,000 | -HSD | M] -- C:\FOUND.009
[2011.12.12 19:18:04 | 000,000,000 | -HSD | M] -- C:\FOUND.010
[2012.01.11 10:46:48 | 000,000,000 | -HSD | M] -- C:\FOUND.011
[2012.01.17 16:19:22 | 000,000,000 | -HSD | M] -- C:\FOUND.012
[2012.01.26 09:45:26 | 000,000,000 | -HSD | M] -- C:\FOUND.013
[2012.01.27 07:08:40 | 000,000,000 | -HSD | M] -- C:\FOUND.014
[2009.06.21 16:19:08 | 000,000,000 | -H-D | M] -- C:\QSTART.SYS
[2009.06.21 16:19:34 | 000,000,000 | -H-D | M] -- C:\QSTART.000
[2009.06.21 16:20:00 | 000,000,000 | -H-D | M] -- C:\temp
[2009.06.21 16:33:52 | 000,000,000 | -H-D | M] -- C:\Program Files
[2009.06.21 17:02:48 | 000,000,000 | -HSD | M] -- C:\Recycled
[2010.04.21 11:47:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.21 15:36:10 | 000,000,000 | -H-D | M] -- C:\DRIVERS
[2010.04.21 16:33:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.04.22 01:49:54 | 000,000,000 | -H-D | M] -- C:\PCmover
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 04:00:00 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 15:22:48 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 17:07:58 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 12:34:26 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 16:43:02 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 12:04:36 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 15:25:06 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 13:48:04 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 13:40:08 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 15:41:46 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:14 | 001,859,712 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 11:52:28

< End of report >
         

EXTRAS

Code:
ATTFilter
OTL Extras logfile created on: 27.01.2012 21:37:14 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free
2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32
Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS
 
Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe" = C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe:*:Enabled:InstallCore™
"C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.13 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ravensburger tiptoi" = Ravensburger tiptoi
"SmartToolsLockOutlookv2.00" = SmartTools Publishing • Outlook LockOutlook
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2012 15:45:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x00067978.
 
Error - 25.01.2012 03:13:34 | Computer Name = IDEAPAD-S12 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 26.01.2012 17:52:30 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 26.01.2012 17:53:09 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 26.01.2012 17:53:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 26.01.2012 17:54:14 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 26.01.2012 19:31:00 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 27.01.2012 16:36:54 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 28.12.2010 07:50:21 | Computer Name = IDEAPAD-S12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2183
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.01.2012 16:20:38 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%5
 
Error - 27.01.2012 16:23:37 | Computer Name = IDEAPAD-S12 | Source = DCOM | ID = 10010
Description = Der Server "{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%5
 
Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%5
 
Error - 27.01.2012 16:53:47 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 27.01.2012 16:53:48 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%5
 
 
< End of report >
         

GMER.log

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-27 22:12:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: tjc3ltwv.exe; Driver: C:\DOKUME~1\Sarah\LOKALE~1\Temp\uwrdrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.vmp2           C:\WINDOWS\system32\drivers\acedrv11.sys                            entry point in ".vmp2" section [0xA6EA769D]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[2992] kernel32.dll!WriteFile  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                              tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice  \FileSystem\Fastfat \Fat                                            fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                            tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- EOF - GMER 1.0.15 ----
         

CCleaner intall.txt

Code:
ATTFilter
7-Zip 9.13 beta		
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	10.0.45.2
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.0.1.152
Adobe Reader 9.5.0 - Deutsch	Adobe Systems Incorporated	9.5.0
ALPS Touch Pad Driver		
Bonjour	Apple Inc.	2.0.4.0
Broadcom Gigabit Integrated Controller	Broadcom Corporation	10.52.04
Broadcom WLAN	Lenovo Electronics Inc.	5.10.38.14 Round2
CCleaner	Piriform	2.30
Energy Management	Lenovo	3.0.2.5
ESET Online Scanner v3		
HiJackThis	Trend Micro	1.0.0
Intel(R) Graphics Media Accelerator Driver		
Intel(R) Matrix Storage Manager	Intel Corporation	
Java(TM) 6 Update 26	Oracle	6.0.260
Lenovo Bluetooth with Enhanced Data Rate Software	Lenovo.	5.5.0.6100
Lenovo Care System Update	Lenovo	3.14.0024
Lenovo EasyCamera	Vimicro Corporation	1.9.0217.01
Lenovo OneKey Recovery	CyberLink Corp.	6.0.2215
Lenovo Quick Start	DeviceVM, Inc.	1.1.8.7
Lenovo System Repair - Windows Update Monitor	Lenovo	1.3.0.2127
Lexmark 1200 Series		
Malwarebytes Anti-Malware Version 1.60.0.1800	Malwarebytes Corporation	1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	
Microsoft Compression Client Pack 1.0 for Windows XP	Microsoft Corporation	1
Microsoft Office Enterprise 2007	Microsoft Corporation	12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	14.0.5130.5003
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	2.0.7024.0
Microsoft Security Essentials	Microsoft Corporation	2.1.1116.0
Microsoft Silverlight	Microsoft Corporation	4.0.60831.0
Microsoft SQL Server 2005	Microsoft Corporation	
Microsoft SQL Server Native Client	Microsoft Corporation	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	9.00.5000.00
Microsoft User-Mode Driver Framework Feature Pack 1.0	Microsoft Corporation	
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	9.0.30729.6161
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket	Microsoft Corporation	
MSXML 6.0 Parser	Microsoft Corporation	6.10.1129.0
Protect Disc License Helper 1.0.125 (IE)	Protect Disc	1.0.125
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	11.0.0.14
QuickTime	Apple Inc.	7.69.80.9
Ravensburger tiptoi		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	5.10.0.5817
Security Update for Windows Search 4 - KB963093	Microsoft Corporation	
SmartTools Publishing • Outlook LockOutlook	SmartTools Publishing	v2.00
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	9.0.0
Spybot - Search & Destroy	Safer Networking Limited	1.6.2
ThinkPad Energie-Manager		1.80
Uninstall 1.0.0.1		
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	9.00.5000.00
USB2.0 Card Reader Software	Realtek Semiconductor Corp.	6.0.6000.81
VLC media player 1.1.9	VideoLAN	1.1.9
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray	Microsoft Corporation	1.0
Windows Genuine Advantage Validation Tool (KB892130)	Microsoft Corporation	
Windows Internet Explorer 8	Microsoft Corporation	20090308.140743
Windows Media Format 11 runtime		
Windows Media Player 11		
Windows Search 4.0	Microsoft Corporation	04.00.6001.503
         

Geändert von unwissende00 (27.01.2012 um 22:39 Uhr)

Alt 29.01.2012, 18:14   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.01.2012, 21:07   #8
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Ja die hatte ichim nachhinein gelöscht.

Also jetzt ist wohl nichts mehr drauf... Allerdings sind alle meine dateien/ordner eigentlich alles immer noch versteckte ordner.Nur weil ich sie sichtbar gemacht habe,sind sie da.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.28.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Sarah :: IDEAPAD-S12 [Administrator]

Schutz: Aktiviert

29.01.2012 19:46:17
mbam-log-2012-01-29 (19-46-17).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206913
Laufzeit: 1 Stunde(n), 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Auch mein Start menü hat sich gefüllt... allerdings ist das,was auf dem bild drauf ist, alles was da ist... Keine Programme kein Nichts....

Wie bekomme ich das wieder hin??

Angehängte Grafiken
Dateityp: jpg Unbenannt.jpg (116,7 KB, 155x aufgerufen)

Alt 30.01.2012, 10:15   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.01.2012, 19:45   #10
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



So hier die otl.txt datei

[CODE]zzzzzzzzrhthgawsgtetvfwbgdmthfggfcxcfhtfthwerfdysdg4rdfaaaaaaaaassssssssssddddddOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.01.2012 19:08:42 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 52,55% Memory free
2,83 Gb Paging File | 2,19 Gb Available in Paging File | 77,52% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,89 Gb Total Space | 81,08 Gb Free Space | 78,04% Space Free | Partition Type: FAT32
Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS
 
Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE
PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll
MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1;*.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
O1 HOSTS File: ([2012.01.26 23:55:34 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 22:35:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent
[2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack
[2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis
[2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.01.27 07:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.014
[2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.26 09:45:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013
[2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails
[2012.01.17 16:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT
[2012.01.11 10:46:48 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012.01.30 19:29:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.30 19:08:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.29 21:06:38 | 000,146,589 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG
[2012.01.29 20:58:34 | 000,077,634 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf
[2012.01.28 12:48:40 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.01.28 12:48:08 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.28 12:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:34:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 16:03:58 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 22:07:30 | 000,001,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2012.01.08 08:01:22 | 000,535,426 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.08 08:01:22 | 000,483,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.08 08:01:22 | 000,115,726 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.08 08:01:22 | 000,087,090 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.29 21:06:36 | 000,146,589 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG
[2012.01.29 20:58:31 | 000,077,634 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf
[2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.27 00:57:30 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2012.01.26 22:07:28 | 000,001,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010.07.05 11:10:46 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe
[2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll
[2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll
[2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== LOP Check ==========
 
[2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit
[2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search
[2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit
[2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc
[2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg
[2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO
[2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools
[2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software
[2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi
[2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.07.03 00:45:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Identities
[2009.06.21 15:43:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\InstallShield
[2008.07.03 00:52:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft
[2010.04.21 12:21:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Adobe
[2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search
[2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search
[2010.04.21 15:25:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Macromedia
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit
[2010.04.23 06:15:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Help
[2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc
[2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg
[2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO
[2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools
[2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software
[2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS
[2010.09.08 22:24:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Sun
[2011.05.02 18:55:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\vlc
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi
[2012.01.27 16:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
[2012.01.27 15:41:16 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.08.21 08:25:08 | 000,106,496 | -H-- | M] (OCS) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe
[2010.08.21 08:25:08 | 000,040,960 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
[2009.07.22 17:28:36 | 000,477,976 | -H-- | M] (Protect GmbH) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2010.05.30 21:52:44 | 000,059,043 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\uninst.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 14:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_80FADF59B996DEF517513B0713A4AB06CE0D38E2\iaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | -H-- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.07.03 02:32:28 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.03 02:32:28 | 001,069,056 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.03 02:32:26 | 000,471,040 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
--- --- ---



UND? wie siehts aus???


OH MEIN GOTT:

- Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com

Wo kommen die denn her???????????????????????????? DA werde ich mit meinemMAnn aber ein Wort reden.........

Geändert von unwissende00 (30.01.2012 um 19:50 Uhr)

Alt 30.01.2012, 22:05   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Zitat:
DA werde ich mit meinemMAnn aber ein Wort reden.........
Nee, du ziehst da falsche Schlüsse weil du nicht weiß was die Hosts Datei für eine Aufgabe hat
Mit deinem Mann brauchst du nicht zu reden, die Einträge sorgen eben dafür dass o.g. Seiten NICHTMEHR aufrufbar sind!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.01.2012, 08:48   #12
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



aha... ;-) IS klar... naja soll mir erstmal egal sein.

Ist der Rechner jetzt sauber??? Bzw. wieso sind alle Dateien immer noch "versteckt"???

Alt 31.01.2012, 09:19   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1;*.local
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job
:Files
C:\FOUND.???
C:\dvmexp.idx
C:\WINDOWS\System32\drivers\slkjsdth.dat
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.01.2012, 22:13   #14
unwissende00
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Ich habe es jetzt 2 Mal probiert. Erst passiert gar nichts groß und dann hängt sich das Programm auf. (KEINE RÜCKMELDUNG)

Was nun??

Alt 31.01.2012, 22:27   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Standard

Kryptik und andere UNDINGER auf meinem nun leeren Rechner...



Probier es im abgesicherten Modus bitte aus
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Kryptik und andere UNDINGER auf meinem nun leeren Rechner...
adobe, becker, bho, bildschirm, bonjour, browser, dll, einstellungen, explorer, hijackthis, hkus\s-1-5-18, internet, internet explorer, kryptik, lenovo, logfile, löschen, microsoft security, microsoft security essentials, object, performance, plug-in, programme, registry, rundll, security, senden, server, system, usb, windows, windows xp




Ähnliche Themen: Kryptik und andere UNDINGER auf meinem nun leeren Rechner...


  1. AOL Mail: Spam-Mails in meinem Namen (andere Mailadresse) an komplettes Adressbuch
    Log-Analyse und Auswertung - 11.04.2015 (19)
  2. OptimizerPro und andere Schadsoftware auf meinem PC
    Log-Analyse und Auswertung - 28.11.2014 (3)
  3. Win 8: Sweet-Page und andere Malware auf meinem Rechner
    Log-Analyse und Auswertung - 26.09.2014 (9)
  4. qvo6 und andere Plaggeister auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (19)
  5. QV 06 und Spyhunter 4 auf meinem Rechner...
    Log-Analyse und Auswertung - 06.07.2013 (9)
  6. JS/Kryptik.LX Trojaner auf meinem webspace
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (5)
  7. TR/Crypt.ULPM.Gen und andere diverse viren auf meinem pc was soll ich tun?
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (1)
  8. TR/Spy.Banker.Gen2 und andere Malware auf meinem laptop gefunden
    Log-Analyse und Auswertung - 02.04.2012 (3)
  9. Trojaner, Virus, Malware Rechner zeigt keine Daten mehr, leeren Desktop
    Plagegeister aller Art und deren Bekämpfung - 26.01.2012 (4)
  10. Trojaner, Virus, Malware Rechner zeigt keine Daten mehr, leeren Desktop
    Alles rund um Windows - 25.01.2012 (1)
  11. rechner gekapert: mediashift.com + sirefef.ch + rootkit.kryptik.gx
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (45)
  12. TR/ATRAPS.Gen2, TR/Kryptik.FYC, TR/Kazy.47207.1 und andere Trojaner gefunden.
    Log-Analyse und Auswertung - 09.12.2011 (5)
  13. XP REchner: kann nicht erkennen, ob ich immer noch Trojaner auf meinem Rechner habe
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (43)
  14. Searchqu.com/410 auf meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 19.08.2011 (1)
  15. Ein Rechner im Netzwerk hat langsame Internetverbindung, andere Rechner sind okay
    Alles rund um Windows - 18.02.2011 (4)
  16. Was hab ich auf meinem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 15.10.2008 (2)
  17. Was ist nur los mit meinem Rechner???
    Log-Analyse und Auswertung - 16.01.2005 (3)

Zum Thema Kryptik und andere UNDINGER auf meinem nun leeren Rechner... - Halli Hallo liebes Forum, nachdem eine wohl nette Trojaner-Software getarnt als ANTI-VIRUS Software meinemComputerwohl den Rest gegeben hat, wende ich mich hilfesuchend an euch. C ist leer... Zumindestens offensichtlich, alle - Kryptik und andere UNDINGER auf meinem nun leeren Rechner......
Archiv
Du betrachtest: Kryptik und andere UNDINGER auf meinem nun leeren Rechner... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.