|
Plagegeister aller Art und deren Bekämpfung: Kryptik und andere UNDINGER auf meinem nun leeren Rechner...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.01.2012, 15:57 | #1 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Halli Hallo liebes Forum, nachdem eine wohl nette Trojaner-Software getarnt als ANTI-VIRUS Software meinemComputerwohl den Rest gegeben hat, wende ich mich hilfesuchend an euch. C ist leer... Zumindestens offensichtlich, alle Dateien sind versteckt, Start ist leer, Bildschirm ist blau (nachdem er mal schwarz war) imHintergrund... ICh denke, da läuft die Pest auf meinem Rechner. SpyBot&Destroy hat ein paar sachen gefunden und auch beseitigt, aber es ist immer noch so, wie vorher. Microsoft security essentials meckert immer noch. hier Hijack-File: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:43:24, on 27.01.2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe C:\Programme\ThinkPad\Utilities\DOZESVC.EXE C:\QSTART.SYS\config\DVMExportService.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\USB Camera\VM331_STI.EXE C:\Programme\Apoint2K\Apoint.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\system32\igfxext.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Lexmark 1200 Series\lxczbmgr.exe C:\Programme\Lexmark 1200 Series\lxczbmon.exe C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe C:\Programme\Microsoft Security Client\msseces.exe C:\Programme\Lenovo\System Update\SUService.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Apoint2K\ApMsgFwd.exe C:\Programme\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programme\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=hxxp://www.lenovo.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- End of file - 11562 bytes eset logfile: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f17ca1ad8065e049afc24c37e119ae26 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-26 11:28:35 # local_time=2012-01-27 12:28:35 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1280 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 42 87 16033 36152151 0 0 # compatibility_mode=8192 67108863 100 0 3781 3781 0 0 # scanned=59080 # found=3 # cleaned=0 # scan_time=9583 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UHUteKeMQKxWUoQ.exe a variant of Win32/Kryptik.ZMQ trojan (unable to clean) 00000000000000000000000000000000 I C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\yre2SQ72VWK650.exe a variant of Win32/Kryptik.ZMQ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{41490380-0DA4-4E9A-8680-224945C69265}\RP612\A0196551.exe Win32/SoftonicDownloader.C application (unable to clean) 00000000000000000000000000000000 I esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f17ca1ad8065e049afc24c37e119ae26 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-01-27 01:19:12 # local_time=2012-01-27 02:19:12 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1031 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1280 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 42 87 3792 36163076 0 0 # compatibility_mode=8192 67108863 100 0 14706 14706 0 0 # scanned=44868 # found=1 # cleaned=1 # scan_time=5295 C:\System Volume Information\_restore{41490380-0DA4-4E9A-8680-224945C69265}\RP612\A0196551.exe Win32/SoftonicDownloader.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C HILFE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Sarah |
27.01.2012, 15:58 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Bitte keine Hijackthis-Log posten!
__________________Und die Logs von Spybot und MSE müsste ich mal sehen. Mach mal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
27.01.2012, 16:25 | #3 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Spybot alle die ich habe...
__________________Code:
ATTFilter 27.01.2012 00:51:46 - ##### check started ##### 27.01.2012 00:51:46 - ### Version: 1.6.2 27.01.2012 00:51:46 - ### Date: 27.01.2012 00:51:46 27.01.2012 00:51:52 - ##### checking bots ##### 27.01.2012 00:54:04 - found: Babylon.Toolbar Einstellungen 27.01.2012 00:54:04 - found: Babylon.Toolbar Einstellungen 27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 27.01.2012 00:54:04 - found: Babylon.Toolbar Root class 27.01.2012 00:54:05 - found: Babylon.Toolbar Einstellungen 27.01.2012 00:54:05 - found: Babylon.Toolbar IE Suchseite 27.01.2012 00:54:05 - found: Babylon.Toolbar IE Suchseite 27.01.2012 01:56:25 - ##### check finished ##### Code:
ATTFilter --- Report generated: 2012-01-27 01:56 --- Babylon.Toolbar: [SBI $3BE29F71] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} Babylon.Toolbar: [SBI $AA4747ED] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_CLASSES_ROOT\AppID\escort.DLL Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Babylon.Toolbar: [SBI $5FA838EA] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, nothing done) HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, nothing done) HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2010-04-22 unins000.exe (51.49.0.0) 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-01-26 SDShred.exe (1.0.2.5) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-01-26 SDHelper.dll (1.6.2.14) 2009-01-26 Tools.dll (2.1.6.10) 2008-06-14 DelZip179.dll (1.79.11.1) 2007-04-02 aports.dll (2.1.0.0) 2008-06-19 sqlite3.dll 2009-11-04 advcheck.dll (1.6.5.20) 2004-11-29 Includes\LSP.sbi (*) 2010-12-14 Includes\Dialer.sbi (*) 2011-03-29 Includes\Hijackers.sbi (*) 2010-09-15 Includes\iPhone.sbi (*) 2010-12-14 Includes\Keyloggers.sbi (*) 2012-01-10 Includes\Malware.sbi (*) 2011-02-24 Includes\PUPS.sbi (*) 2011-02-24 Includes\Security.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2012-01-17 Includes\Spyware.sbi (*) 2012-01-16 Includes\Adware.sbi (*) 2011-09-28 Includes\Trojans.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2011-11-29 Includes\DialerC.sbi (*) 2011-02-24 Includes\HeavyDuty.sbi (*) 2011-10-04 Includes\HijackersC.sbi (*) 2012-01-24 Includes\KeyloggersC.sbi (*) 2012-01-24 Includes\MalwareC.sbi (*) 2011-12-27 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2011-12-13 Includes\SecurityC.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2012-01-17 Includes\SpywareC.sbi (*) 2010-03-08 Includes\Tracks.uti 2012-01-16 Includes\TrojansC-02.sbi (*) 2012-01-24 Includes\TrojansC-03.sbi (*) 2012-01-25 Includes\TrojansC-04.sbi (*) 2012-01-24 Includes\TrojansC-05.sbi (*) 2012-01-17 Includes\TrojansC.sbi (*) 2012-01-17 Includes\AdwareC.sbi (*) 2007-12-24 Plugins\TCPIPAddress.dll 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll Code:
ATTFilter --- Report generated: 2012-01-27 08:00 --- --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2010-04-22 unins000.exe (51.49.0.0) 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-01-26 SDShred.exe (1.0.2.5) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-01-26 SDHelper.dll (1.6.2.14) 2009-01-26 Tools.dll (2.1.6.10) 2008-06-14 DelZip179.dll (1.79.11.1) 2007-04-02 aports.dll (2.1.0.0) 2008-06-19 sqlite3.dll 2009-11-04 advcheck.dll (1.6.5.20) 2004-11-29 Includes\LSP.sbi (*) 2010-12-14 Includes\Dialer.sbi (*) 2011-03-29 Includes\Hijackers.sbi (*) 2010-09-15 Includes\iPhone.sbi (*) 2010-12-14 Includes\Keyloggers.sbi (*) 2012-01-10 Includes\Malware.sbi (*) 2011-02-24 Includes\PUPS.sbi (*) 2011-02-24 Includes\Security.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2012-01-17 Includes\Spyware.sbi (*) 2012-01-16 Includes\Adware.sbi (*) 2011-09-28 Includes\Trojans.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2011-11-29 Includes\DialerC.sbi (*) 2011-02-24 Includes\HeavyDuty.sbi (*) 2011-10-04 Includes\HijackersC.sbi (*) 2012-01-24 Includes\KeyloggersC.sbi (*) 2012-01-24 Includes\MalwareC.sbi (*) 2011-12-27 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2011-12-13 Includes\SecurityC.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2012-01-17 Includes\SpywareC.sbi (*) 2010-03-08 Includes\Tracks.uti 2012-01-16 Includes\TrojansC-02.sbi (*) 2012-01-24 Includes\TrojansC-03.sbi (*) 2012-01-25 Includes\TrojansC-04.sbi (*) 2012-01-24 Includes\TrojansC-05.sbi (*) 2012-01-17 Includes\TrojansC.sbi (*) 2012-01-17 Includes\AdwareC.sbi (*) 2007-12-24 Plugins\TCPIPAddress.dll 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll Code:
ATTFilter --- Report generated: 2012-01-27 07:04 --- Babylon.Toolbar: [SBI $3BE29F71] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed) HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} Babylon.Toolbar: [SBI $AA4747ED] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed) HKEY_CLASSES_ROOT\AppID\escort.DLL Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixing failed) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Babylon.Toolbar: [SBI $B04483F7] Root class (Registrierungsdatenbank-Schlüssel, fixing failed) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Babylon.Toolbar: [SBI $5FA838EA] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, fixed) HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank Babylon.Toolbar: [SBI $DC3E8AFA] IE Suchseite (Registrierungsdatenbank-Änderung, fixed) HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2010-04-22 unins000.exe (51.49.0.0) 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDUpdate.exe (1.6.0.12) |
27.01.2012, 17:29 | #4 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner...Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.27.03 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 8.0.6001.18702 Sarah :: IDEAPAD-S12 [Administrator] Schutz: Aktiviert 27.01.2012 16:05:33 mbam-log-2012-01-27 (17-28-30).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207436 Laufzeit: 1 Stunde(n), 3 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
27.01.2012, 20:20 | #5 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... War das falsch??? |
27.01.2012, 22:04 | #6 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Ich mach echt alles... OTL Code:
ATTFilter OTL logfile created on: 27.01.2012 21:37:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free 2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32 Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.04.27 15:39:26 | 000,228,520 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-Dienst (gupdatem) SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor) SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD) DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs) DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon) DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD) DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) O1 HOSTS File: ([2012.01.26 23:55:34 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13564 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found. O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack [2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis [2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2012.01.27 07:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.014 [2012.01.27 00:39:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent [2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.26 09:45:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013 [2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails [2012.01.17 16:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.012 [2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT [2012.01.11 10:46:48 | 000,000,000 | -HSD | C] -- C:\FOUND.011 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:34:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.27 21:30:18 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.01.27 21:29:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.27 21:20:44 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo [2012.01.27 21:20:04 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.27 21:19:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.27 16:03:58 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 22:07:30 | 000,001,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat [2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg [2012.01.08 08:01:22 | 000,535,426 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.08 08:01:22 | 000,483,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.08 08:01:22 | 000,115,726 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.08 08:01:22 | 000,087,090 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.27 00:57:30 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx [2012.01.26 22:07:28 | 000,001,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat [2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg [2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini [2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini [2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2010.07.05 11:10:46 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\System32\lxczcoin.ini [2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe [2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll [2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll [2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll [2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll [2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll [2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll [2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll [2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll [2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll [2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll [2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll [2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll [2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll [2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll [2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll [2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\DevFilt.dll [2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll [2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini [2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit [2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL [2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search [2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit [2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc [2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg [2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO [2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools [2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software [2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi [2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.10.16 11:56:58 | 000,000,000 | -H-D | M] -- C:\dvmexp [2008.07.03 00:45:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen [2008.07.03 01:34:44 | 000,000,000 | -H-D | M] -- C:\DRIVER [2008.07.03 00:45:30 | 000,000,000 | RH-D | M] -- C:\Programme [2008.07.03 02:32:20 | 000,000,000 | -H-D | M] -- C:\UPDATE [2008.07.03 01:08:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS [2010.10.22 07:14:22 | 000,000,000 | -HSD | M] -- C:\FOUND.000 [2009.06.21 15:43:08 | 000,000,000 | -H-D | M] -- C:\Intel [2011.03.22 12:22:54 | 000,000,000 | -HSD | M] -- C:\FOUND.004 [2010.11.25 16:41:14 | 000,000,000 | -HSD | M] -- C:\FOUND.002 [2011.04.11 13:08:24 | 000,000,000 | -HSD | M] -- C:\FOUND.003 [2011.01.18 20:38:02 | 000,000,000 | -HSD | M] -- C:\FOUND.001 [2011.09.06 23:00:00 | 000,000,000 | -HSD | M] -- C:\FOUND.006 [2011.09.13 06:50:04 | 000,000,000 | -HSD | M] -- C:\FOUND.007 [2010.07.05 11:09:32 | 000,000,000 | -H-D | M] -- C:\Lexmark [2011.05.12 14:24:44 | 000,000,000 | -HSD | M] -- C:\FOUND.005 [2011.10.12 19:27:48 | 000,000,000 | -HSD | M] -- C:\FOUND.008 [2011.11.11 15:59:02 | 000,000,000 | -HSD | M] -- C:\FOUND.009 [2011.12.12 19:18:04 | 000,000,000 | -HSD | M] -- C:\FOUND.010 [2012.01.11 10:46:48 | 000,000,000 | -HSD | M] -- C:\FOUND.011 [2012.01.17 16:19:22 | 000,000,000 | -HSD | M] -- C:\FOUND.012 [2012.01.26 09:45:26 | 000,000,000 | -HSD | M] -- C:\FOUND.013 [2012.01.27 07:08:40 | 000,000,000 | -HSD | M] -- C:\FOUND.014 [2009.06.21 16:19:08 | 000,000,000 | -H-D | M] -- C:\QSTART.SYS [2009.06.21 16:19:34 | 000,000,000 | -H-D | M] -- C:\QSTART.000 [2009.06.21 16:20:00 | 000,000,000 | -H-D | M] -- C:\temp [2009.06.21 16:33:52 | 000,000,000 | -H-D | M] -- C:\Program Files [2009.06.21 17:02:48 | 000,000,000 | -HSD | M] -- C:\Recycled [2010.04.21 11:47:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.04.21 15:36:10 | 000,000,000 | -H-D | M] -- C:\DRIVERS [2010.04.21 16:33:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.04.22 01:49:54 | 000,000,000 | -H-D | M] -- C:\PCmover < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008.04.14 04:00:00 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2011.02.16 15:22:48 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys [2008.10.16 17:07:58 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 12:34:26 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.10.16 16:43:02 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 12:04:36 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 15:25:06 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 13:48:04 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 13:40:08 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 15:41:46 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:14 | 001,859,712 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 11:52:28 < End of report > EXTRAS Code:
ATTFilter OTL Extras logfile created on: 27.01.2012 21:37:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free 2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32 Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Value error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server "C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth "C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe" = C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe:*:Enabled:InstallCore™ "C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld "C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "7-Zip" = 7-Zip 9.13 beta "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CCleaner" = CCleaner "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "Lexmark 1200 Series" = Lexmark 1200 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Ravensburger tiptoi" = Ravensburger tiptoi "SmartToolsLockOutlookv2.00" = SmartTools Publishing • Outlook LockOutlook "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.01.2012 15:45:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x00067978. Error - 25.01.2012 03:13:34 | Computer Name = IDEAPAD-S12 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL. Error - 26.01.2012 17:52:30 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 26.01.2012 17:53:09 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 26.01.2012 17:53:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 26.01.2012 17:54:14 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. Error - 26.01.2012 19:31:00 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.01.2012 16:36:54 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ OSession Events ] Error - 28.12.2010 07:50:21 | Computer Name = IDEAPAD-S12 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2183 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 27.01.2012 16:20:38 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 Error - 27.01.2012 16:23:37 | Computer Name = IDEAPAD-S12 | Source = DCOM | ID = 10010 Description = Der Server "{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 Error - 27.01.2012 16:53:47 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 27.01.2012 16:53:48 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 < End of report > GMER.log Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-01-27 22:12:40 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0 Running: tjc3ltwv.exe; Driver: C:\DOKUME~1\Sarah\LOKALE~1\Temp\uwrdrpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA6EA769D] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[2992] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo) ---- EOF - GMER 1.0.15 ---- CCleaner intall.txt Code:
ATTFilter 7-Zip 9.13 beta Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.0.45.2 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.0.1.152 Adobe Reader 9.5.0 - Deutsch Adobe Systems Incorporated 9.5.0 ALPS Touch Pad Driver Bonjour Apple Inc. 2.0.4.0 Broadcom Gigabit Integrated Controller Broadcom Corporation 10.52.04 Broadcom WLAN Lenovo Electronics Inc. 5.10.38.14 Round2 CCleaner Piriform 2.30 Energy Management Lenovo 3.0.2.5 ESET Online Scanner v3 HiJackThis Trend Micro 1.0.0 Intel(R) Graphics Media Accelerator Driver Intel(R) Matrix Storage Manager Intel Corporation Java(TM) 6 Update 26 Oracle 6.0.260 Lenovo Bluetooth with Enhanced Data Rate Software Lenovo. 5.5.0.6100 Lenovo Care System Update Lenovo 3.14.0024 Lenovo EasyCamera Vimicro Corporation 1.9.0217.01 Lenovo OneKey Recovery CyberLink Corp. 6.0.2215 Lenovo Quick Start DeviceVM, Inc. 1.1.8.7 Lenovo System Repair - Windows Update Monitor Lenovo 1.3.0.2127 Lexmark 1200 Series Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 1.60.0.1800 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 3.2.30729 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation Microsoft .NET Framework 3.5 SP1 Microsoft Corporation Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1 Microsoft Office Enterprise 2007 Microsoft Corporation 12.0.6425.1000 Microsoft Office File Validation Add-In Microsoft Corporation 14.0.5130.5003 Microsoft Office Small Business Connectivity Components Microsoft Corporation 2.0.7024.0 Microsoft Security Essentials Microsoft Corporation 2.1.1116.0 Microsoft Silverlight Microsoft Corporation 4.0.60831.0 Microsoft SQL Server 2005 Microsoft Corporation Microsoft SQL Server Native Client Microsoft Corporation 9.00.5000.00 Microsoft SQL Server VSS Writer Microsoft Corporation 9.00.5000.00 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9.0.30729.6161 Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation MSXML 6.0 Parser Microsoft Corporation 6.10.1129.0 Protect Disc License Helper 1.0.125 (IE) Protect Disc 1.0.125 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 11.0.0.14 QuickTime Apple Inc. 7.69.80.9 Ravensburger tiptoi Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5817 Security Update for Windows Search 4 - KB963093 Microsoft Corporation SmartTools Publishing • Outlook LockOutlook SmartTools Publishing v2.00 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 9.0.0 Spybot - Search & Destroy Safer Networking Limited 1.6.2 ThinkPad Energie-Manager 1.80 Uninstall 1.0.0.1 Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 9.00.5000.00 USB2.0 Card Reader Software Realtek Semiconductor Corp. 6.0.6000.81 VLC media player 1.1.9 VideoLAN 1.1.9 Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation Windows Internet Explorer 8 Microsoft Corporation 20090308.140743 Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Microsoft Corporation 04.00.6001.503 Geändert von unwissende00 (27.01.2012 um 22:39 Uhr) |
29.01.2012, 18:14 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner...Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
29.01.2012, 21:07 | #8 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Ja die hatte ichim nachhinein gelöscht. Also jetzt ist wohl nichts mehr drauf... Allerdings sind alle meine dateien/ordner eigentlich alles immer noch versteckte ordner.Nur weil ich sie sichtbar gemacht habe,sind sie da. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.28.03 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 8.0.6001.18702 Sarah :: IDEAPAD-S12 [Administrator] Schutz: Aktiviert 29.01.2012 19:46:17 mbam-log-2012-01-29 (19-46-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206913 Laufzeit: 1 Stunde(n), 2 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Wie bekomme ich das wieder hin?? |
30.01.2012, 10:15 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
30.01.2012, 19:45 | #10 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... So hier die otl.txt datei [CODE]zzzzzzzzrhthgawsgtetvfwbgdmthfggfcxcfhtfthwerfdysdg4rdfaaaaaaaaassssssssssddddddOTL Logfile: Code:
ATTFilter OTL logfile created on: 30.01.2012 19:08:42 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 52,55% Memory free 2,83 Gb Paging File | 2,19 Gb Available in Paging File | 77,52% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 103,89 Gb Total Space | 81,08 Gb Free Space | 78,04% Space Free | Partition Type: FAT32 Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-Dienst (gupdatem) SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor) SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD) DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs) DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon) DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD) DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) O1 HOSTS File: ([2012.01.26 23:55:34 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13564 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.27 22:35:18 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent [2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack [2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis [2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2012.01.27 07:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.014 [2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.26 09:45:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013 [2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails [2012.01.17 16:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.012 [2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT [2012.01.11 10:46:48 | 000,000,000 | -HSD | C] -- C:\FOUND.011 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.01.30 19:29:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.30 19:08:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.01.29 21:06:38 | 000,146,589 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG [2012.01.29 20:58:34 | 000,077,634 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf [2012.01.28 12:48:40 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo [2012.01.28 12:48:08 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.28 12:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:34:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe [2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.27 16:03:58 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 22:07:30 | 000,001,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat [2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg [2012.01.08 08:01:22 | 000,535,426 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.08 08:01:22 | 000,483,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.08 08:01:22 | 000,115,726 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.08 08:01:22 | 000,087,090 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.29 21:06:36 | 000,146,589 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Unbenannt.PNG [2012.01.29 20:58:31 | 000,077,634 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\das ist alles.pdf [2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe [2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable [2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe [2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.27 00:57:30 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx [2012.01.26 22:07:28 | 000,001,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat [2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg [2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini [2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini [2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE [2010.07.05 11:10:46 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\System32\lxczcoin.ini [2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe [2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll [2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll [2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll [2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll [2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll [2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll [2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll [2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll [2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll [2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll [2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll [2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll [2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll [2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll [2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll [2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\DevFilt.dll [2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll [2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini [2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit [2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL [2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi [2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search [2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit [2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc [2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg [2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO [2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools [2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software [2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi [2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.07.03 00:45:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Identities [2009.06.21 15:43:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\InstallShield [2008.07.03 00:52:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft [2010.04.21 12:21:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Adobe [2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search [2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search [2010.04.21 15:25:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Macromedia [2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit [2010.04.23 06:15:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Help [2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc [2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg [2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO [2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools [2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software [2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS [2010.09.08 22:24:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Sun [2011.05.02 18:55:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\vlc [2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi [2012.01.27 16:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes < %APPDATA%\*.exe /s > [2012.01.27 15:41:16 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010.08.21 08:25:08 | 000,106,496 | -H-- | M] (OCS) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe [2010.08.21 08:25:08 | 000,040,960 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [2009.07.22 17:28:36 | 000,477,976 | -H-- | M] (Protect GmbH) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe [2010.05.30 21:52:44 | 000,059,043 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\uninst.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008.04.13 14:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 04:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 14:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 04:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008.07.20 17:44:44 | 000,324,120 | -H-- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_80FADF59B996DEF517513B0713A4AB06CE0D38E2\iaStor.sys [2008.07.20 17:44:54 | 000,402,456 | -H-- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 04:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 04:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 04:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 04:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2008.07.03 02:32:28 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.07.03 02:32:28 | 001,069,056 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.07.03 02:32:26 | 000,471,040 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > UND? wie siehts aus??? OH MEIN GOTT: - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com Wo kommen die denn her???????????????????????????? DA werde ich mit meinemMAnn aber ein Wort reden......... Geändert von unwissende00 (30.01.2012 um 19:50 Uhr) |
30.01.2012, 22:05 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner...Zitat:
Mit deinem Mann brauchst du nicht zu reden, die Einträge sorgen eben dafür dass o.g. Seiten NICHTMEHR aufrufbar sind!
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 08:48 | #12 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... aha... ;-) IS klar... naja soll mir erstmal egal sein. Ist der Rechner jetzt sauber??? Bzw. wieso sind alle Dateien immer noch "versteckt"??? |
31.01.2012, 09:19 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence [2012.01.30 19:30:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job :Files C:\FOUND.??? C:\dvmexp.idx C:\WINDOWS\System32\drivers\slkjsdth.dat :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 22:13 | #14 |
| Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Ich habe es jetzt 2 Mal probiert. Erst passiert gar nichts groß und dann hängt sich das Programm auf. (KEINE RÜCKMELDUNG) Was nun?? |
31.01.2012, 22:27 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kryptik und andere UNDINGER auf meinem nun leeren Rechner... Probier es im abgesicherten Modus bitte aus
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Kryptik und andere UNDINGER auf meinem nun leeren Rechner... |
adobe, becker, bho, bildschirm, bonjour, browser, dll, einstellungen, explorer, hijackthis, hkus\s-1-5-18, internet, internet explorer, kryptik, lenovo, logfile, löschen, microsoft security, microsoft security essentials, object, performance, plug-in, programme, registry, rundll, security, senden, server, system, usb, windows, windows xp |