 Lvvm.exe, zidaars.exe, 100.exe and Google keeps redirecting to a page with a registry booster
 Hello dear Trojaner-Board team,
yesterday I checked a friend's laptop for viruses etc., because it is said to have been very slow lately and keeps "acting up".
The first thing I found on the hard drive was a VBS script, which I was hopefully able to delete successfully by following a guide.
At least the file is no longer on the hard drive, and when I plug in a USB stick or similar, no file is created on it either.
The only thing that puzzles me is that the VBS script still shows up in the startup items under msconfig.
The next problem is the process Lvvm.exe, which I have already read quite a bit about, but unfortunately I have not found a universal solution for this problem.
On top of that there are the two browsers, Mozilla and Internet Explorer.
When I search for something on Google and then click a link, I am constantly redirected to hoot.com or abnow.com.
These pages then offer a registry booster, or rather a "free" scan of the registry, which is obviously connected to the viruses on the notebook.
Here now is the OTL.txt:    Code:
 OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18702)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1014,36 Mb Total Physical Memory | 622,36 Mb Available Physical Memory | 61,35% Memory free
 2,38 Gb Paging File | 2,10 Gb Available in Paging File | 88,19% Paging File free
 Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
 Drive C: | 145,65 Gb Total Space | 113,49 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
 
 Computer Name: LENOVO-605B67AA | User Name: *** | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2012.01.23 23:33:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
 PRC - [2011.07.25 22:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
 PRC - [2009.07.09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 PRC - [2008.08.28 15:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
 PRC - [2008.07.09 16:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
 PRC - [2008.06.23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
 PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2012.01.04 11:17:56 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
 MOD - [2012.01.04 11:17:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
 MOD - [2011.11.06 17:16:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
 MOD - [2011.11.06 17:07:05 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
 MOD - [2011.11.06 17:06:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
 MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 MOD - [2009.03.11 14:12:37 | 009,338,880 | ---- | M] () -- C:\WINDOWS\system32\Facev.dll
 MOD - [2009.03.11 14:12:36 | 009,502,720 | ---- | M] () -- C:\WINDOWS\system32\FaceVerify.dll
 MOD - [2009.03.11 14:12:36 | 001,564,672 | ---- | M] () -- C:\WINDOWS\system32\MainOp.dll
 MOD - [2009.03.11 14:12:36 | 000,241,752 | ---- | M] () -- C:\WINDOWS\system32\IcnOvrly.dll
 MOD - [2009.03.11 14:12:36 | 000,221,184 | ---- | M] () -- C:\WINDOWS\system32\SetDev.dll
 MOD - [2009.03.11 14:12:36 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\VideoOp.dll
 MOD - [2009.03.11 14:12:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\FunFrm.dll
 MOD - [2009.03.11 14:12:35 | 001,163,264 | ---- | M] () -- C:\WINDOWS\system32\PicNotify.dll
 MOD - [2009.03.11 14:12:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\Momo.dll
 MOD - [2009.03.11 14:12:34 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\Apblend.dll
 MOD - [2009.03.11 14:12:33 | 000,208,896 | ---- | M] () -- C:\WINDOWS\system32\image.dll
 MOD - [2009.03.11 14:12:32 | 000,241,664 | ---- | M] () -- C:\WINDOWS\system32\3DImageRenderer.dll
 MOD - [2009.03.11 13:59:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
 MOD - [2008.06.23 23:20:42 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
 MOD - [2008.06.20 17:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
 MOD - [2008.05.21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
 MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 MOD - [2005.06.24 03:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - File not found [Disabled | Stopped] --  -- (HidServ)
 SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
 SRV - [2011.07.25 22:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
 SRV - [2009.07.09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
 SRV - [2008.12.01 18:32:30 | 000,307,200 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
 SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
 SRV - [2008.06.23 23:21:34 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
 SRV - [2008.04.14 13:00:00 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\aic78u2.dll -- (websensecommunicationagent)
 SRV - [2008.03.04 09:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
 SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 SRV - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
 SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2009.02.18 11:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
 DRV - [2008.09.10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
 DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
 DRV - [2008.07.23 03:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
 DRV - [2008.06.23 05:23:58 | 000,991,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
 DRV - [2008.06.19 20:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 DRV - [2008.06.11 07:14:18 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
 DRV - [2008.05.30 04:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
 DRV - [2008.02.04 10:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
 DRV - [2008.01.11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
 DRV - [2007.09.20 04:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
 DRV - [2007.02.19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
 DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
 IE - HKCU\..\URLSearchHook:  - No CLSID value found
 IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 FF - prefs.js..browser.search.defaultthis.engineName: "Search"
 FF - prefs.js..browser.search.defaulturl: ""
 FF - prefs.js..browser.search.selectedEngine: "Google"
 FF - prefs.js..browser.startup.homepage: "www.google.de"
 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
 FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
 FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
 FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.19 19:59:54 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.09 20:36:40 | 000,000,000 | ---D | M]
 
 [2009.05.14 11:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
 [2012.01.23 22:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\extensions
 [2009.12.08 17:53:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 [2011.09.24 21:30:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 [2010.11.15 21:03:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
 [2010.01.08 17:41:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
 [2011.03.21 18:24:22 | 000,002,387 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\askcom.xml
 [2011.08.08 11:12:45 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\conduit.xml
 [2009.09.08 10:25:18 | 000,000,687 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icq-search.xml
 [2009.10.12 19:15:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-1.xml
 [2011.03.14 14:13:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-10.xml
 [2011.05.10 19:25:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-11.xml
 [2011.06.27 21:28:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-12.xml
 [2009.10.30 15:15:19 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-2.xml
 [2009.12.20 15:38:17 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-3.xml
 [2010.01.07 19:14:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-4.xml
 [2010.01.08 13:54:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-5.xml
 [2010.03.01 16:03:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-6.xml
 [2010.04.09 21:02:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-7.xml
 [2010.07.06 21:47:49 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-8.xml
 [2011.03.13 21:36:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin-9.xml
 [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\icqplugin.xml
 [2011.08.29 12:00:19 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\SweetIM Search.xml
 [2010.01.08 17:41:37 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\t0c8a0p0.default\searchplugins\sweetim.xml
 [2011.09.24 20:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2009.09.03 18:50:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 [2009.09.08 10:24:47 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2009.09.08 10:24:47 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
 [2009.09.08 10:24:47 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
 [2009.09.08 10:24:47 | 000,000,986 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
 [2009.09.08 10:24:47 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
 Hosts file not found
 O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
 O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
 O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
 O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
 O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
 O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
 O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programme\Bonjour\mdnsNSP.dll File not found
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7AA8505-D53B-4092-AF0C-3ADF67CD4633}: DhcpNameServer = 192.168.178.1
 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
 O20 - HKLM Winlogon: Shell - (bqtj.xco) - File not found
 O20 - HKLM Winlogon: Shell - (rfheww) - File not found
 O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
 O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\7be0992a\X) -C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\7be0992a\X ()
 O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
 O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
 O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
 O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2008.07.21 06:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
 O33 - MountPoints2\{41c3ac7c-fc86-11df-8a3e-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{41c3ac7c-fc86-11df-8a3e-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{41c3ac7c-fc86-11df-8a3e-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LENOVO-605B67AA.vbs
 O33 - MountPoints2\{763891f1-6c95-11df-895d-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{763891f1-6c95-11df-895d-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{763891f1-6c95-11df-895d-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WIEBORG.vbs
 O33 - MountPoints2\{7cd1144c-c325-11df-89d3-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{7cd1144c-c325-11df-89d3-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{7cd1144c-c325-11df-89d3-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LENOVO-605B67AA.vbs
 O33 - MountPoints2\{9733d43c-9508-11df-898c-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{9733d43c-9508-11df-898c-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{9733d43c-9508-11df-898c-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LENOVO-605B67AA.vbs
 O33 - MountPoints2\{9733d43d-9508-11df-898c-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{9733d43d-9508-11df-898c-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{9733d43d-9508-11df-898c-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LENOVO-605B67AA.vbs
 O33 - MountPoints2\{db459bb6-3502-11e0-8a7f-00234ee53af8}\Shell - "" = AutoRun
 O33 - MountPoints2\{db459bb6-3502-11e0-8a7f-00234ee53af8}\Shell\AutoRun - "" = Auto&Play
 O33 - MountPoints2\{db459bb6-3502-11e0-8a7f-00234ee53af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LENOVO-605B67AA.vbs
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
 ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
 ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
 ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
 ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
 ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
 ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
 ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
 ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
 ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
 ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
 ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
 ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
 ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
 ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
 NetSvcs: 6to4 -  File not found
 NetSvcs: AppMgmt -  File not found
 NetSvcs: HidServ -  File not found
 NetSvcs: Ias -  File not found
 NetSvcs: Iprip -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: websensecommunicationagent - C:\WINDOWS\system32\aic78u2.dll (Iomega)
 NetSvcs: WmdmPmSp -  File not found
 
 MsConfig - Services: "TVT Scheduler"
 MsConfig - Services: "ThinkVantage Registry Monitor Service"
 MsConfig - Services: "ose"
 MsConfig - Services: "odserv"
 MsConfig - Services: "Microsoft Office Groove Audit Service"
 MsConfig - Services: "SQLWriter"
 MsConfig - Services: "SQLBrowser"
 MsConfig - Services: "MSSQL$MSSMLBIZ"
 MsConfig - Services: "idsvc"
 MsConfig - Services: "BcmSqlStartupSvc"
 MsConfig - Services: "DvmMDES"
 MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
 MsConfig - StartUpReg: 100.exe - hkey= - key= -  File not found
 MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
 MsConfig - StartUpReg: Firefox helper - hkey= - key= - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\firefox.exe ()
 MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
 MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
 MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
 MsConfig - StartUpReg: LENOVO-605B67AA - hkey= - key= -  File not found
 MsConfig - StartUpReg: Load - hkey= - key= -  File not found
 MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
 MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
 MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
 MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
 MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
 MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
 MsConfig - StartUpReg: VeriFaceManager - hkey= - key= - C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
 MsConfig - StartUpReg: {5A189B2F-63BC-2F71-C54A-058FFB92F0C8} - hkey= - key= -  File not found
 MsConfig - State: "system.ini" - 0
 MsConfig - State: "win.ini" - 0
 MsConfig - State: "bootini" - 0
 MsConfig - State: "services" - 2
 MsConfig - State: "startup" - 2
 
 CREATERESTOREPOINT
 Restore point Set: OTL Restore Point
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2012.01.23 23:33:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
 [2012.01.23 22:24:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE
 [2012.01.23 22:24:42 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
 [2012.01.23 20:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
 [2012.01.23 20:09:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
 [2012.01.23 19:51:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
 [2012.01.23 19:48:21 | 000,000,000 | ---D | C] -- C:\Programme\LP
 [2012.01.23 19:47:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\7be0992a
 [2012.01.23 19:47:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D55F02006ACA105FDB02F2D151FC84
 [2012.01.23 19:45:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
 [2012.01.23 19:36:44 | 000,000,000 | ---D | C] -- C:\c5ecb9df9e44f9ff4cbb799f174d
 [2012.01.23 17:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\backups
 [2012.01.23 17:20:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
 [2012.01.23 17:04:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
 [2012.01.23 17:03:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
 [2012.01.16 10:08:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Identities
 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2012.01.23 23:38:10 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\zhf4ckst.exe
 [2012.01.23 23:37:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 [2012.01.23 23:33:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
 [2012.01.23 23:32:07 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
 [2012.01.23 23:31:44 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
 [2012.01.23 20:28:26 | 000,520,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
 [2012.01.23 20:28:26 | 000,492,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
 [2012.01.23 20:28:26 | 000,110,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
 [2012.01.23 20:28:26 | 000,090,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 [2012.01.23 20:24:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
 [2012.01.23 20:24:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
 [2012.01.23 20:24:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
 [2012.01.23 20:24:11 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
 [2012.01.23 17:20:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
 [2012.01.18 16:41:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 [2012.01.12 00:23:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 [2012.01.12 00:23:23 | 000,000,748 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
 [2012.01.07 17:08:47 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 
 [2012.01.23 23:38:09 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\zhf4ckst.exe
 [2012.01.23 23:32:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
 [2012.01.23 23:31:43 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
 [2012.01.23 19:49:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
 [2010.08.18 21:57:37 | 000,000,748 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
 [2009.09.06 21:45:38 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2009.05.17 20:47:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
 [2009.05.14 11:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
 [2009.05.09 21:02:08 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 [2009.03.11 14:47:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
 [2009.03.11 14:16:38 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
 [2009.03.11 14:12:37 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
 [2009.03.11 14:12:37 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
 [2009.03.11 14:12:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
 [2009.03.11 14:12:36 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
 [2009.03.11 14:12:36 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
 [2009.03.11 14:12:36 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
 [2009.03.11 14:12:36 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
 [2009.03.11 14:12:36 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
 [2009.03.11 14:12:36 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
 [2009.03.11 14:12:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
 [2009.03.11 14:12:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
 [2009.03.11 14:12:35 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
 [2009.03.11 14:12:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
 [2009.03.11 14:12:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
 [2009.03.11 14:12:34 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
 [2009.03.11 14:12:34 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
 [2009.03.11 14:12:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
 [2009.03.11 14:06:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 [2009.03.11 14:05:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
 [2009.03.11 13:59:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
 [2008.12.01 18:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
 [2008.07.21 16:38:00 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
 [2008.07.21 15:51:20 | 000,520,954 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
 [2008.07.21 15:51:20 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
 [2008.07.21 15:51:20 | 000,110,336 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
 [2008.07.21 15:51:20 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
 [2008.07.21 15:51:12 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
 [2008.07.21 15:51:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
 [2008.07.21 15:51:05 | 000,492,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
 [2008.07.21 15:51:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
 [2008.07.21 15:51:05 | 000,090,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
 [2008.07.21 15:51:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
 [2008.07.21 15:51:04 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
 [2008.07.21 15:51:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
 [2008.07.21 15:51:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 [2008.07.21 15:50:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
 [2008.07.21 15:50:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
 [2008.07.21 15:50:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
 [2008.07.21 15:50:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
 [2008.07.21 06:56:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 [2008.07.21 06:56:03 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 [2008.07.21 06:04:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
 [2008.07.21 06:01:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 [2008.06.23 23:20:42 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
 [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
 ========== LOP Check ==========
 
 [2010.11.15 21:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
 [2011.09.24 21:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
 [2012.01.23 19:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D55F02006ACA105FDB02F2D151FC84
 [2011.09.24 21:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
 [2012.01.23 16:50:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
 [2012.01.23 16:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
 [2009.05.09 21:50:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
 [2009.05.14 11:09:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %SYSTEMDRIVE%\*. >
 [2009.12.07 11:56:08 | 000,000,000 | ---D | M] -- C:\b5538fd54791fcf422f99a22fcae
 [2012.01.23 19:51:34 | 000,000,000 | ---D | M] -- C:\c5ecb9df9e44f9ff4cbb799f174d
 [2009.05.09 21:02:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
 [2009.03.11 22:52:39 | 000,000,000 | ---D | M] -- C:\DRIVERS
 [2009.05.09 21:03:51 | 000,000,000 | ---D | M] -- C:\I386
 [2009.03.11 14:03:34 | 000,000,000 | ---D | M] -- C:\Intel
 [2009.05.11 17:49:29 | 000,000,000 | RH-D | M] -- C:\MSOCache
 [2009.05.11 17:45:22 | 000,000,000 | ---D | M] -- C:\OFFICE
 [2009.03.11 14:04:55 | 000,000,000 | ---D | M] -- C:\Program Files
 [2012.01.23 22:36:55 | 000,000,000 | R--D | M] -- C:\Programme
 [2009.03.11 14:36:41 | 000,000,000 | -H-D | M] -- C:\QSTART.SYS
 [2009.05.17 20:07:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER
 [2008.07.21 15:47:11 | 000,000,000 | ---D | M] -- C:\SUPPORT
 [2009.05.09 21:03:19 | 000,000,000 | ---D | M] -- C:\SWTOOLS
 [2010.08.18 21:41:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
 [2012.01.23 19:09:01 | 000,000,000 | -H-D | M] -- C:\temp
 [2012.01.23 19:08:29 | 000,000,000 | ---D | M] -- C:\VALUEADD
 [2012.01.23 19:59:49 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
 < %PROGRAMFILES%\*.exe >
 
 Invalid Environment Variable: LOCALAPPDATA
 
 < %systemroot%\*. /mp /s >
 
 < %systemroot%\system32\*.manifest /3 >
 [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
 < MD5 for: AFD.SYS  >
 [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
 [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
 [2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
 [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
 [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
 [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
 [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
 [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
 [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
 [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
 [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
 [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
 < MD5 for: EXPLORER.EXE  >
 [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=7B72B1E19EF0E82118FC3E5805488F54 -- C:\WINDOWS\explorer.exe
 
 < MD5 for: IPSEC.SYS  >
 [2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=404C602109258459E8B27A673C7640AE -- C:\WINDOWS\system32\drivers\ipsec.sys
 
 < MD5 for: REGEDIT.EXE  >
 [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\I386\REGEDIT.EXE
 [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
 
 < MD5 for: USERINIT.EXE  >
 [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
 < MD5 for: WINLOGON.EXE  >
 [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=675DB4177CB38D640F4897793957458F -- C:\WINDOWS\system32\winlogon.exe
 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-23 18:51:35
 
 <           >
 
 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
 [C:\WINDOWS\$NtUninstallKB7477$] -> Error: Cannot create file handle -> Unknown point type
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
 
 < End of report >
 
I hope you can help me  
Thanks in advance  
Best regards  
Paul P. |