Trojaner-Board

onkel_2000 04.12.2011 11:27

TR/Agen.Y.20 in OTL.exe and further detections
 
Hi,
Avira Antivir detected the trojan TR/Agent.Y.20 in my OTL.exe. I then deleted the file and started a full scan, which turned up further results (see attachment).
Then I ran defogger, a freshly downloaded otl, and gmer; the logs are attached. Please help, thank you.

onkel_2000 04.12.2011 13:07

OK, sorry, here is the OTL log in the text, not as an attachment.

OTL Logfile:
Code:

OTL logfile created on: 03.12.2011 21:00:36 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 544,48 Mb Available Physical Memory | 53,68% Memory free
2,38 Gb Paging File | 1,96 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,62 Gb Total Space | 3,44 Gb Free Space | 17,52% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 74,39 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
Drive E: | 11,95 Gb Total Space | 11,18 Gb Free Space | 93,55% Space Free | Partition Type: NTFS
Drive Z: | 15,76 Gb Total Space | 15,67 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
PRC - C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - D:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\WINDOWS\system32\IcnOvrly.dll ()
MOD - C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Service1) -- C:\Programme\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (lnvomdm2) -- C:\WINDOWS\system32\drivers\lnvomdm2.sys (MCCI Corporation)
DRV - (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\lnvounic.sys (MCCI Corporation)
DRV - (lnvomdm) -- C:\WINDOWS\system32\drivers\lnvomdm.sys (MCCI Corporation)
DRV - (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\lnvond5.sys (MCCI Corporation)
DRV - (lnvocard) -- C:\WINDOWS\system32\drivers\lnvocard.sys (MCCI Corporation)
DRV - (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\lnvobus.sys (MCCI Corporation)
DRV - (lnvomdfl2) -- C:\WINDOWS\system32\drivers\lnvomdfl2.sys (MCCI Corporation)
DRV - (lnvomdfl) -- C:\WINDOWS\system32\drivers\lnvomdfl.sys (MCCI Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (lnvogps) -- C:\WINDOWS\system32\drivers\lnvogps.sys (Ericsson AB)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.29 08:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.22 10:02:37 | 000,000,000 | ---D | M]
 
[2010.01.20 15:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions
[2011.11.25 15:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions
[2011.05.17 18:30:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.25 15:21:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.29 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.23 09:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.29 08:19:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 09:55:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 09:55:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 09:55:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 09:55:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 09:55:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 09:55:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 14:43:27 | 000,395,378 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Automatisch EPSON Stylus Photo R240 Series auf ****] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKCU..\Run: [Packard Bell Software Suite] C:\Programme\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.10.96.44 217.10.96.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA68C3EC-DC3F-4FF7-9105-ABE1A3E7C8AA}: DhcpNameServer = 217.10.96.44 217.10.96.65
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.21 06:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell - "" = AutoRun
O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.03 20:47:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.03 19:02:20 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.12.01 15:08:23 | 000,000,000 | ---D | C] -- D:\Downloads
[2011.11.05 22:57:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011.11.05 22:57:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.03 21:02:29 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2011.12.03 20:47:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.03 20:46:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.03 20:45:52 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.03 20:28:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011.12.03 19:01:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.03 19:01:46 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.30 21:59:49 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.22 16:47:14 | 000,032,396 | ---- | M] () -- D:\Adressbuch-Sicherung.csv
[2011.11.16 19:27:02 | 000,521,956 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.16 19:27:02 | 000,492,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.16 19:27:02 | 000,110,932 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.16 19:27:02 | 000,091,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.13 21:26:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.03 21:02:29 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2011.12.03 20:46:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.03 20:45:49 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.11.22 16:47:13 | 000,032,396 | ---- | C] () -- D:\Adressbuch-Sicherung.csv
[2011.08.16 11:07:40 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.17 19:41:33 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.06.06 19:46:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.01 14:22:20 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010.02.01 14:22:20 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010.02.01 14:22:19 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010.02.01 14:22:19 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010.02.01 14:22:19 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010.01.20 18:27:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.20 15:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.20 14:29:44 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.17 22:15:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.04.17 21:35:39 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009.04.17 21:31:37 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.04.17 21:31:37 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009.04.17 21:31:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009.04.17 21:31:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.04.17 21:31:36 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.04.17 21:31:36 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.04.17 21:31:36 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.04.17 21:31:35 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.04.17 21:31:35 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.04.17 21:31:35 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.04.17 21:31:35 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.04.17 21:31:35 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.04.17 21:31:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.04.17 21:31:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.04.17 21:31:34 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.04.17 21:31:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.04.17 21:31:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.04.17 21:25:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.04.17 21:24:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.04.17 21:18:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2009.01.16 16:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.12.01 17:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
[2008.07.21 16:38:00 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.21 15:51:20 | 000,521,956 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.07.21 15:51:20 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.07.21 15:51:20 | 000,110,932 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.07.21 15:51:20 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.07.21 15:51:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.21 15:51:05 | 000,492,870 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.21 15:51:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.21 15:51:05 | 000,091,368 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.21 15:51:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.21 15:51:04 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.07.21 15:51:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.07.21 15:51:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.21 15:50:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.21 15:50:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.21 15:50:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.21 15:50:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.07.21 06:56:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.21 06:56:03 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.21 06:04:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.21 06:01:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.06.07 06:48:34 | 000,034,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\OxUSBTIMOUT.sys
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.02.23 15:11:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.06.13 18:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.27 11:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.04.17 21:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2010.01.27 12:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2011.09.06 00:12:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
[2011.05.18 11:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2010.02.09 12:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\.purple
[2009.04.17 22:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Bytemobile
[2011.09.13 22:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoft
[2011.08.28 18:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.06.13 18:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\elsterformular
[2011.08.27 14:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FileZilla
[2011.09.06 09:23:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GetRightToGo
[2010.02.03 11:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gtk-2.0
[2010.01.23 15:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org
[2011.09.21 11:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Opera
[2010.07.29 19:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QIP
[2010.03.16 08:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SmartDraw
[2011.07.24 14:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Tavultesoft
[2011.03.17 21:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Telefónica
[2009.04.22 11:47:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Vodafone
[2011.12.03 20:28:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< OTL logfile created on: 03.12.2011 20:50:09 - Run 2 >
 
< OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\****\Desktop >
 
< Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation >
 
< Internet Explorer (Version = 7.0.5730.13) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<  >
 
< 1014,36 Mb Total Physical Memory | 571,82 Mb Available Physical Memory | 56,37% Memory free >
 
< 2,38 Gb Paging File | 1,97 Gb Available in Paging File | 82,65% Paging File free >
 
< Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] >
 
<  >
 
< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme >
 
< Drive C: | 19,62 Gb Total Space | 3,44 Gb Free Space | 17,52% Space Free | Partition Type: NTFS >
 
< Drive D: | 97,66 Gb Total Space | 74,39 Gb Free Space | 76,17% Space Free | Partition Type: NTFS >
 
< Drive E: | 11,95 Gb Total Space | 11,18 Gb Free Space | 93,55% Space Free | Partition Type: NTFS >
 
< Drive Z: | 15,76 Gb Total Space | 15,67 Gb Free Space | 99,47% Space Free | Partition Type: NTFS >
 
<  >
 
< Computer Name: NETBOOK | User Name: **** | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: Current user | Quick Scan >
 
< Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >
 
<  >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
< PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) >
 
< PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) >
 
< PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) >
 
< PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) >
 
< PRC - C:\Programme\Lenovo\VeriFaceIII\PManage.exe () >
 
< PRC - C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) >
 
< PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM) >
 
< PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) >
 
< PRC - C:\Programme\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV) >
 
< PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited) >
 
< PRC - C:\Programme\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services) >
 
< PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) >
 
< PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) >
 
< PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) >
 
<  >
 
<  >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]

 
<  >
 
< MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll () >
 
< MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () >
 
< MOD - D:\Programme\Avira\AntiVir Desktop\sqlite3.dll () >
 
< MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () >
 
< MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () >
 
< MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () >
 
< MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () >
 
< MOD - C:\WINDOWS\system32\IcnOvrly.dll () >
 
< MOD - C:\Programme\Lenovo\VeriFaceIII\PManage.exe () >
 
< MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () >
 
< MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll () >
 
< MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll () >
 
<  >
 
<  >
 
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
< SRV - (HidServ) --  File not found >
 
< SRV - (AppMgmt) --  File not found >
 
< SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) >
 
< SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) >
 
< SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) >
 
< SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) >
 
< SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM) >
 
< SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) >
 
< SRV - (Service1) -- C:\Programme\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe (Packard Bell Services) >
 
< SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) >
 
< SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) >
 
< SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) >
 
< SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) >
 
<  >
 
<  >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
< DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) >
 
< DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) >
 
< DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) >
 
< DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) >
 
< DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys () >
 
< DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys () >
 
< DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) >
 
< DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) >
 
< DRV - (lnvomdm2) -- C:\WINDOWS\system32\drivers\lnvomdm2.sys (MCCI Corporation) >
 
< DRV - (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\lnvounic.sys (MCCI Corporation) >
 
< DRV - (lnvomdm) -- C:\WINDOWS\system32\drivers\lnvomdm.sys (MCCI Corporation) >
 
< DRV - (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\lnvond5.sys (MCCI Corporation) >
 
< DRV - (lnvocard) -- C:\WINDOWS\system32\drivers\lnvocard.sys (MCCI Corporation) >
 
< DRV - (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\lnvobus.sys (MCCI Corporation) >
 
< DRV - (lnvomdfl2) -- C:\WINDOWS\system32\drivers\lnvomdfl2.sys (MCCI Corporation) >
 
< DRV - (lnvomdfl) -- C:\WINDOWS\system32\drivers\lnvomdfl.sys (MCCI Corporation) >
 
< DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) >
 
< DRV - (lnvogps) -- C:\WINDOWS\system32\drivers\lnvogps.sys (Ericsson AB) >
 
< DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) >
 
< DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) >
 
< DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) >
 
< DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.) >
 
< DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson) >
 
< DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) >
 
< DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) >
 
< DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) >
 
< DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) >
 
< DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation) >
 
< DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) >
 
< DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) >
 
<  >
 
<  >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]

 
<  >
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com >
Invalid Switch: lenovo.live.com

 
<  >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 >
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] >
Invalid Switch: thinkpad [binary data]

 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ >
Invalid Switch:

 
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<  >
 
< ========== FireFox ========== >
Invalid Switch: color]

 
<  >
 
< FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" >
 
< FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" >
 
< FF - prefs.js..browser.search.useDBForOrder: true >
 
< FF - prefs.js..browser.startup.homepage: "web.de" >
 
< FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 >
 
<  >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () >
Invalid Switch: FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

 
< FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) >
Invalid Switch: DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) >
Invalid Switch: DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) >
Invalid Switch: WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 
< FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\VideoLAN\VLC\npvlc.dll File not found >
Invalid Switch: vlc,version=1.1.11: D:\Programme\VideoLAN\VLC\npvlc.dll File not found

 
< FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) >
 
<  >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.29 08:19:56 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.22 10:02:37 | 000,000,000 | ---D | M] >
 
<  >
 
< [2010.01.20 15:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions >
 
< [2011.11.25 15:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions >
 
< [2011.05.17 18:30:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} >
 
< [2011.11.25 15:21:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\2x940mzi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} >
 
< [2011.11.29 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2011.10.23 09:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} >
 
< [2011.11.29 08:19:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll >
 
< [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll >
 
< [2011.10.03 09:55:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2011.10.03 09:55:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml >
 
< [2011.10.03 09:55:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2011.10.03 09:55:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2011.10.03 09:55:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2011.10.03 09:55:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml >
 
<  >
 
< O1 HOSTS File: ([2010.05.19 14:43:27 | 000,395,378 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1      localhost >
 
< O1 - Hosts: 13652 more lines... >
 
< O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) >
 
< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >
 
< O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) >
 
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. >
 
< O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) >
 
< O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) >
 
< O4 - HKLM..\Run: [Automatisch EPSON Stylus Photo R240 Series auf ****_LP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION) >
 
< O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) >
 
< O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) >
 
< O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited) >
 
< O4 - HKLM..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION) >
 
< O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) >
 
< O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) >
 
< O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe () >
 
< O4 - HKCU..\Run: [Packard Bell Software Suite] C:\Programme\Packard Bell\Packard Bell Software Suite\Launcher.exe (Packard Bell BV) >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >
 
< O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () >
 
< O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () >
 
< O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () >
 
< O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () >
 
< O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () >
 
< O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () >
 
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) >
Invalid Switch: jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

 
< O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) >
Invalid Switch: jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

 
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) >
Invalid Switch: jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.10.96.44 217.10.96.65 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA68C3EC-DC3F-4FF7-9105-ABE1A3E7C8AA}: DhcpNameServer = 217.10.96.44 217.10.96.65 >
 
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) >
 
< O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) >
 
< O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) >
Invalid Switch: xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

 
< O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) >
 
< O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home >
 
< O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2008.07.21 06:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
 
< O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell\AutoRun - "" = Auto&Play >
 
< O33 - MountPoints2\{3dcbd1fb-61c4-11df-9282-00242cf9e5c1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
<  >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]

 
<  >
 
< [2011.12.03 20:47:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe >
 
< [2011.12.03 19:02:20 | 000,000,000 | -H-D | C] -- C:\dvmexp >
 
< [2011.12.01 15:08:23 | 000,000,000 | ---D | C] -- D:\Downloads >
 
< [2011.11.05 22:57:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype >
 
< [2011.11.05 22:57:35 | 000,000,000 | R--D | C] -- C:\Programme\Skype >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<  >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]

 
<  >
 
< [2011.12.03 20:47:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe >
 
< [2011.12.03 20:46:11 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable >
 
< [2011.12.03 20:45:52 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe >
 
< [2011.12.03 20:28:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job >
 
< [2011.12.03 19:01:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
 
< [2011.12.03 19:01:46 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys >
 
< [2011.11.30 21:59:49 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
 
< [2011.11.22 16:47:14 | 000,032,396 | ---- | M] () -- D:\Adressbuch-Sicherung.csv >
 
< [2011.11.16 19:27:02 | 000,521,956 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2011.11.16 19:27:02 | 000,492,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2011.11.16 19:27:02 | 000,110,932 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2011.11.16 19:27:02 | 000,091,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2011.11.13 21:26:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK >
 
< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >
 
<  >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]

 
<  >
 
< [2011.12.03 20:46:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable >
 
< [2011.12.03 20:45:49 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe >
 
< [2011.11.22 16:47:13 | 000,032,396 | ---- | C] () -- D:\Adressbuch-Sicherung.csv >
 
< [2011.08.16 11:07:40 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2010.06.17 19:41:33 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db >
 
< [2010.06.06 19:46:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat >
 
< [2010.02.01 14:22:20 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe >
 
< [2010.02.01 14:22:20 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll >
 
< [2010.02.01 14:22:19 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe >
 
< [2010.02.01 14:22:19 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys >
 
< [2010.02.01 14:22:19 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys >
 
< [2010.01.20 18:27:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat >
 
< [2010.01.20 15:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat >
 
< [2010.01.20 14:29:44 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat >
 
< [2009.04.17 22:15:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini >
 
< [2009.04.17 21:35:39 | 000,148,792 | ---- | C] () -- C:\WINDOWS\desktopset.exe >
 
< [2009.04.17 21:31:37 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll >
 
< [2009.04.17 21:31:37 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll >
 
< [2009.04.17 21:31:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll >
 
< [2009.04.17 21:31:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll >
 
< [2009.04.17 21:31:36 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll >
 
< [2009.04.17 21:31:36 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll >
 
< [2009.04.17 21:31:36 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll >
 
< [2009.04.17 21:31:35 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll >
 
< [2009.04.17 21:31:35 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll >
 
< [2009.04.17 21:31:35 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll >
 
< [2009.04.17 21:31:35 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll >
 
< [2009.04.17 21:31:35 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll >
 
< [2009.04.17 21:31:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll >
 
< [2009.04.17 21:31:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll >
 
< [2009.04.17 21:31:34 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll >
 
< [2009.04.17 21:31:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll >
 
< [2009.04.17 21:31:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll >
 
< [2009.04.17 21:25:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll >
 
< [2009.04.17 21:24:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat >
 
< [2009.04.17 21:18:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config >
 
< [2009.01.16 16:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll >
 
< [2008.12.01 17:32:30 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys >
 
< [2008.07.21 16:38:00 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI >
 
< [2008.07.21 15:51:20 | 000,521,956 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat >
 
< [2008.07.21 15:51:20 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat >
 
< [2008.07.21 15:51:20 | 000,110,932 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat >
 
< [2008.07.21 15:51:20 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat >
 
< [2008.07.21 15:51:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat >
 
< [2008.07.21 15:51:05 | 000,492,870 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat >
 
< [2008.07.21 15:51:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat >
 
< [2008.07.21 15:51:05 | 000,091,368 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat >
 
< [2008.07.21 15:51:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat >
 
< [2008.07.21 15:51:04 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat >
 
< [2008.07.21 15:51:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin >
 
< [2008.07.21 15:51:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat >
 
< [2008.07.21 15:50:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat >
 
< [2008.07.21 15:50:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin >
 
< [2008.07.21 15:50:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat >
 
< [2008.07.21 15:50:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin >
 
< [2008.07.21 06:56:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI >
 
< [2008.07.21 06:56:03 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
 
< [2008.07.21 06:04:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat >
 
< [2008.07.21 06:01:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat >
 
< [2007.06.07 06:48:34 | 000,034,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\OxUSBTIMOUT.sys >
 
< [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll >
 
<  >
 
< ========== LOP Check ========== >
Invalid Switch: color]

 
<  >
 
< [2011.02.23 15:11:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ >
 
< [2011.06.13 18:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular >
 
< [2010.01.27 11:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON >
 
< [2009.04.17 21:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor >
 
< [2010.01.27 12:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr >
 
< [2011.09.06 00:12:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace >
 
< [2011.05.18 11:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone >
 
< [2010.02.09 12:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\.purple >
 
< [2009.04.17 22:15:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Bytemobile >
 
< [2011.09.13 22:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoft >
 
< [2011.08.28 18:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers >
 
< [2011.06.13 18:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\elsterformular >
 
< [2011.08.27 14:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FileZilla >
 
< [2011.09.06 09:23:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GetRightToGo >
 
< [2010.02.03 11:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gtk-2.0 >
 
< [2010.01.23 15:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org >
 
< [2011.09.21 11:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Opera >
 
< [2010.07.29 19:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QIP >
 
< [2010.03.16 08:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SmartDraw >
 
< [2011.07.24 14:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Tavultesoft >
 
< [2011.03.17 21:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Telefónica >
 
< [2009.04.22 11:47:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Vodafone >
 
< [2011.12.03 20:28:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job >
 
<  >
 
< ========== Purity Check ========== >
Invalid Switch: color]

 
<  >
 
<  >
 
<  >
 
< < End of report >


--- --- ---
>


< End of report >
[/CODE]

onkel_2000 04.12.2011 14:56

OK, this has been resolved...

