| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner nach Systemwiederherstellung entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.01.2013, 17:23
| #31 |
 |  GVU-Trojaner nach Systemwiederherstellung entfernt? Avira hat die Host-Dateien blockiert - vermute ich mal, da der Zugriff verweigert wurde... Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\searchplugins\conduit.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\****\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: ****
->Temp folder emptied: 33910 bytes
->Temporary Internet Files folder emptied: 12845118 bytes
->Java cache emptied: 122701730 bytes
->FireFox cache emptied: 67813731 bytes
->Google Chrome cache emptied: 57803714 bytes
->Flash cache emptied: 1692 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 434 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 249,00 mb
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_171257
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
24.01.2013, 21:10
| #32 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU-Trojaner nach Systemwiederherstellung entfernt? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
|
25.01.2013, 13:08
| #33 |
| | GVU-Trojaner nach Systemwiederherstellung entfernt? ESET hat wasa gefunden - ist immernoch diese seltsame Datei:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.25.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 **** :: LENOVO-DDD3664B [Administrator] 25.01.2013 10:48:49 mbam-log-2013-01-25 (10-48-49).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 239940 Laufzeit: 4 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=25241cf5b7c3e246af68d66ca6fcfa6d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-25 11:22:31
# local_time=2013-01-25 12:22:31 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 5916 224536241 2262 0
# scanned=137576
# found=1
# cleaned=0
# scan_time=4419
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js Win32/Reveton.N trojan B8B91B5FF50F573244AEFB9E168A8C4E57721501 I
|
|
25.01.2013, 13:30
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner nach Systemwiederherstellung entfernt? Das ist nur ein Überrest, einfach löschen Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.01.2013, 13:54
| #35 |
| | GVU-Trojaner nach Systemwiederherstellung entfernt? OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.01.2013 13:40:38 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,98 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 53,06% Memory free 3,83 Gb Paging File | 2,92 Gb Available in Paging File | 76,37% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 142,51 Gb Total Space | 82,98 Gb Free Space | 58,23% Space Free | Partition Type: NTFS Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32 Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe () PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (No Company Name) ========== MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4652f28\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a51affbd\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Notepad++\NppShell_04.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL () MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\WINDOWS\system32\vpnapi.dll () MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe () MOD - C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll () MOD - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () MOD - C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll () MOD - C:\Programme\Lenovo\HOTKEY\tphklock.dll () MOD - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll () MOD - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll () ========== Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (CVPND) -- c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (TVTPktFilter) -- system32\DRIVERS\tvtpktfilter.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder PMP Edition\SysInfo.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (aoqcrydx) -- File not found DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys () DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.21 20:55:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.21 20:55:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Programme\Lenovo\Client Security Solution\PWM Firefox Extension [2008.10.11 14:46:01 | 000,000,000 | ---D | M] [2008.10.11 12:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2012.10.25 21:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions [2010.04.27 14:56:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.21 20:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.22 18:43:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013.01.21 20:55:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.22 18:43:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.01.11 12:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2007.05.16 09:30:04 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll [2012.03.26 13:37:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.04 21:48:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.26 13:37:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.26 13:37:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.26 13:37:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.26 13:37:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: SciFinder Application Plugin for Mozilla (Enabled) = C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.01.24 11:34:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\LRZ VPN Client.lnk = C:\Programme\LRZ VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.25 13:14:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ElevatedDiagnostics [2013.01.25 13:14:49 | 000,000,000 | ---D | C] -- C:\MATS [2013.01.25 13:10:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0 [2013.01.25 13:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2013.01.25 13:10:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.01.25 11:05:33 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.25 10:47:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.25 10:47:07 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.25 10:47:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.24 17:12:57 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.24 14:01:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.24 11:26:41 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.24 11:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.24 11:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.24 11:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.24 11:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.24 11:25:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.24 11:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.24 11:22:22 | 005,026,296 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe [2013.01.22 14:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2013.01.22 14:41:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2013.01.21 21:20:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\GVU [2013.01.21 21:18:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2013.01.21 20:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira [2013.01.21 20:56:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2013.01.21 20:55:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013.01.21 20:55:51 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.01.21 20:55:51 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.01.21 20:55:51 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2013.01.21 20:55:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.01.15 00:07:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\TygemBaduk Program [2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Programme\TygemGlobal [2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TongYang Online [2013.01.13 14:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Zeug [2013.01.08 23:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JagoClient [2013.01.08 23:42:10 | 000,000,000 | ---D | C] -- C:\Programme\JagoClient [2013.01.08 01:26:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda2 [2013.01.08 01:24:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda [2013.01.08 01:24:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Pandanet IGS ========== Files - Modified Within 30 Days ========== [2013.01.25 12:24:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.25 12:16:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013.01.25 10:42:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013.01.25 10:38:20 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.01.25 10:38:02 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2013.01.25 10:37:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.25 10:37:32 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.25 10:37:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2013.01.25 10:37:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.24 17:13:00 | 000,463,344 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.24 17:13:00 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.24 17:13:00 | 000,086,188 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.24 17:13:00 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.24 11:34:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.24 11:26:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.01.24 11:22:52 | 005,026,296 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe [2013.01.24 11:01:02 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word 2007.lnk [2013.01.24 09:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.23 09:38:11 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.01.22 14:30:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.21 21:18:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2013.01.21 21:18:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2013.01.21 20:56:11 | 000,001,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.01.11 02:26:39 | 003,619,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.11 01:51:53 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\****\.go.cfg [2013.01.10 20:30:13 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.08 23:46:38 | 002,001,061 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2013.01.08 21:45:50 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.01.24 11:26:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.01.24 11:26:44 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.24 11:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.24 11:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.24 11:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.24 11:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.24 11:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.23 09:38:11 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.01.21 21:18:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2013.01.21 20:56:11 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.01.08 23:43:39 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.go.cfg [2012.10.31 14:00:04 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.ImageJ_3D_Viewer.props [2012.09.04 23:40:30 | 000,000,925 | ---- | C] () -- C:\WINDOWS\kaiser.ini [2011.10.26 13:53:28 | 000,005,449 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel [2011.10.11 11:22:15 | 000,049,075 | ---- | C] () -- C:\WINDOWS\DIAMOND.INI [2011.07.17 21:34:31 | 000,000,443 | ---- | C] () -- C:\WINDOWS\capture.ini [2011.07.15 13:03:25 | 000,000,421 | ---- | C] () -- C:\WINDOWS\barcode.ini [2011.03.07 15:28:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.10.21 14:55:58 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\****\vgalusr1.vr [2010.01.20 15:22:58 | 000,000,158 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.Xauthority [2009.07.04 09:40:50 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.28 14:39:34 | 000,000,922 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gnuplot_history [2009.01.12 23:31:20 | 000,008,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate [2008.12.01 19:22:17 | 000,000,083 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\X-Plane Installer.prf [2008.10.16 21:24:05 | 000,056,663 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.openmath [2008.10.16 10:22:50 | 000,155,362 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.gnuplot [2008.10.16 10:20:24 | 000,000,528 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.xmaximarc [2008.10.11 13:55:34 | 000,038,332 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft Excel.ADR [2008.10.10 15:33:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.01.2013 13:40:38 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 53,06% Memory free
3,83 Gb Paging File | 2,92 Gb Available in Paging File | 76,37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 82,98 Gb Free Space | 58,23% Space Free | Partition Type: NTFS
Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32
Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\Maxima-5.16.3\bin\xmaxima.exe" = C:\Programme\Maxima-5.16.3\bin\xmaxima.exe:*:Disabled:Tclkit, a standalone runtime for Tcl/Tk -- (Equi4 Software)
"C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe" = C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe:*:Disabled:wxMaxima -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\NX Client for Windows\nxclient.exe" = C:\Programme\NX Client for Windows\nxclient.exe:*:Enabled:nxclient -- ()
"C:\Programme\NX Client for Windows\bin\nxssh.exe" = C:\Programme\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\ImageJ\jre\bin\javaw.exe" = C:\Programme\ImageJ\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C92B42-DFED-4304-8AA2-C90783D706FD}" = Skat 8.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F0172C-6D1D-470E-9298-A3A1A6530CFB}" = Origin8
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"capella 5.0" = capella professionell Version 5.3
"CBReader " = CBReader
"ChemAxon Marvin Beans 5.1.03" = ChemAxon Marvin Beans 5.1.03
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"EXCEL" = Microsoft Office Excel 2007
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"GNU Backgammon 0.15-stable_is1" = GNU Backgammon 0.15-stable (20061119 code)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageJ_is1" = ImageJ 1.44p
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"iSnooker" = iSnooker
"JagoClient_is1" = JagoClient Version 6.0
"Lenovo Registration" = Lenovo Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Maxima-5.16.3_is1" = Maxima 5.16.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDI Klavier_is1" = MIDI Klavier 1.0
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OnScreenDisplay" = Anzeige am Bildschirm
"OpenAL" = OpenAL
"OUTLOOK" = Microsoft Office Outlook 2007
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tygem Baduk" = TygemBaduk Remove
"WashAndGo_is1" = WashAndGo
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WORD" = Microsoft Office Word 2007
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoPanda" = GoPanda
"GoPanda 2" = GoPanda 2
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.01.2013 15:28:39 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 21.01.2013 15:30:59 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 21.01.2013 15:38:54 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 21.01.2013 15:44:44 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 24.01.2013 06:24:56 | Computer Name = LENOVO-DDD3664B | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
Error - 25.01.2013 05:47:28 | Computer Name = LENOVO-DDD3664B | Source = MsiInstaller | ID = 11706
Description = Produkt: System Migration Assistant -- Fehler 1706. Für das Produkt
System Migration Assistant wurde kein Installationspaket gefunden. Wiederholen
Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets
"SMAsetup.msi".
Error - 25.01.2013 06:03:12 | Computer Name = LENOVO-DDD3664B | Source = MsiInstaller | ID = 11706
Description = Produkt: System Migration Assistant -- Fehler 1706. Für das Produkt
System Migration Assistant wurde kein Installationspaket gefunden. Wiederholen
Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets
"SMAsetup.msi".
Error - 25.01.2013 06:03:24 | Computer Name = LENOVO-DDD3664B | Source = MsiInstaller | ID = 11706
Description = Produkt: System Migration Assistant -- Fehler 1706. Für das Produkt
System Migration Assistant wurde kein Installationspaket gefunden. Wiederholen
Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets
"SMAsetup.msi".
Error - 25.01.2013 06:03:33 | Computer Name = LENOVO-DDD3664B | Source = MsiInstaller | ID = 11706
Description = Produkt: System Migration Assistant -- Fehler 1706. Für das Produkt
System Migration Assistant wurde kein Installationspaket gefunden. Wiederholen
Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets
"SMAsetup.msi".
Error - 25.01.2013 06:05:29 | Computer Name = LENOVO-DDD3664B | Source = MsiInstaller | ID = 11706
Description = Produkt: System Migration Assistant -- Fehler 1706. Für das Produkt
System Migration Assistant wurde kein Installationspaket gefunden. Wiederholen
Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets
"SMAsetup.msi".
[ OSession Events ]
Error - 16.11.2012 10:29:59 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 64 seconds with 60 seconds of active time. This session ended with a crash.
Error - 16.11.2012 10:36:26 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 220 seconds with 180 seconds of active time. This session ended with a crash.
Error - 18.11.2012 17:27:07 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 4355 seconds with 840 seconds of active time. This session ended with a
crash.
Error - 18.11.2012 17:43:14 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 945 seconds with 900 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "ThinkVantage Registry Monitor Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "ThinkPad HDD APS Logging Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "System Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Backup Protection Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Backup Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 24.01.2013 12:12:59 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Access Connections Main Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 25.01.2013 05:42:21 | Computer Name = LENOVO-DDD3664B | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
fehlgeschlagen.
Error - 25.01.2013 05:42:21 | Computer Name = LENOVO-DDD3664B | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
fehlgeschlagen.
< End of report >
|
|
25.01.2013, 14:10
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner nach Systemwiederherstellung entfernt?Fixen mit OTL
Code:
ATTFilter :Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ --> GVU-Trojaner nach Systemwiederherstellung entfernt? |
|
25.01.2013, 14:22
| #37 |
| | GVU-Trojaner nach Systemwiederherstellung entfernt? Woops, die hatte ich schon gelöscht, nachdem Du oben "einfach löschen" geschrieben hast  Code:
ATTFilter All processes killed
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\****\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ****
->Temp folder emptied: 54125 bytes
->Temporary Internet Files folder emptied: 291454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4592183 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 652 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5,00 mb
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 01252013_141721
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
25.01.2013, 15:33
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner nach Systemwiederherstellung entfernt? Kein Problem Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.01.2013, 13:10
| #39 |
| | GVU-Trojaner nach Systemwiederherstellung entfernt? Ja läuft alles gut Ist das System damit wieder sauber? |
|
26.01.2013, 21:41
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner nach Systemwiederherstellung entfernt? Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 21:34
| #41 |
| | GVU-Trojaner nach Systemwiederherstellung entfernt? Vielen, vielen Dank für Deine Hilfe! Die Programme habe ich entfernt - und dafür empfohlene installiert, damit es möglichst lang keine Probleme gibt^^ Lieben Dank nochmal! |
|
| Themen zu GVU-Trojaner nach Systemwiederherstellung entfernt? |
| abgesicherte, abgesicherten, abgesicherten modus, anhang, einfach, eingabeaufforderung, ellung, entfern, entfernt, entfernt?, gelöst, gvu-trojaner, heute, konnte, modus, scans, system, systemwiederherstellung |
Textbox. 
Linear-Darstellung
