| unwissende00 | 27.01.2012 22:04 |
Ich mach echt alles...
OTL Code:
OTL logfile created on: 27.01.2012 21:37:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free
2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32
Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS
Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,228,520 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe
PRC - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.02.11 04:13:52 | 000,532,480 | -H-- | M] (Vimicro) -- C:\Programme\USB Camera\VM331_STI.EXE
PRC - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2009.01.04 12:57:28 | 004,462,464 | -H-- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.12.26 10:05:46 | 001,277,952 | -H-- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.13 13:33:14 | 000,053,248 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006.07.13 13:26:10 | 000,057,344 | -H-- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.14 17:33:20 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.14 17:28:48 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.14 17:28:16 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.14 17:27:36 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010.04.21 17:48:30 | 000,315,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.21 17:48:24 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010.03.03 01:20:00 | 000,043,008 | -H-- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2009.02.27 16:41:26 | 000,311,296 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.05.21 17:33:22 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.01.03 19:23:06 | 000,167,936 | -H-- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll
MOD - [2007.08.21 13:32:44 | 000,098,304 | -H-- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.01.19 12:33:38 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005.06.24 03:05:02 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.30 21:53:18 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.03 01:20:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.03.03 01:20:00 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.06.12 10:55:48 | 000,028,672 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.01.16 17:56:42 | 000,346,720 | -H-- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.09.27 11:00:24 | 000,430,080 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.07.20 17:45:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.04 10:34:12 | 001,122,304 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.03.03 01:20:00 | 000,024,304 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010.03.03 01:20:00 | 000,004,442 | -H-- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.02.24 12:22:10 | 000,185,472 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.05.08 03:06:10 | 000,203,312 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.02 08:57:22 | 000,995,328 | -H-- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.02.03 07:42:32 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.01.07 23:19:00 | 000,991,784 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.30 21:19:16 | 000,047,272 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.09.10 19:14:48 | 001,386,624 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.28 18:39:08 | 000,048,192 | -H-- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008.07.24 10:37:12 | 000,156,816 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 04:46:14 | 000,534,568 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.02 08:00:02 | 005,056,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.02 08:00:02 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.02 08:00:02 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008.02.04 09:57:46 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.01.11 14:58:42 | 000,009,472 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.01.10 10:59:08 | 000,081,192 | -H-- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.09.17 13:00:12 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.05.23 16:33:58 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.02.19 07:56:46 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
O1 HOSTS File: ([2012.01.26 23:55:34 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13564 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271851683671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84753FCB-80EF-4817-88AB-33A577F161E8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 00:42:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8af4ed36-47d3-11e0-9aab-002100edc2b5}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.01.27 21:28:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 16:04:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.27 16:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.27 16:03:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.27 16:03:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.27 15:42:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\hijack
[2012.01.27 15:41:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Startmenü\Programme\HiJackThis
[2012.01.27 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.01.27 07:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.014
[2012.01.27 00:39:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sarah\Recent
[2012.01.26 21:45:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.26 09:45:26 | 000,000,000 | -HSD | C] -- C:\FOUND.013
[2012.01.24 21:24:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\.thumbnails
[2012.01.17 16:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[2012.01.15 21:33:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\HOCHZEIT
[2012.01.11 10:46:48 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012.01.27 21:36:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:34:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.27 21:30:18 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.27 21:29:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.27 21:28:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2012.01.27 21:27:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:12 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 21:20:44 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.01.27 21:20:04 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.27 21:19:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.27 16:03:58 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.26 22:07:30 | 000,001,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.26 09:46:08 | 003,610,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.22 11:45:22 | 000,036,877 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2012.01.08 08:01:22 | 000,535,426 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.08 08:01:22 | 000,483,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.08 08:01:22 | 000,115,726 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.08 08:01:22 | 000,087,090 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.27 21:36:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\tjc3ltwv.exe
[2012.01.27 21:27:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\defogger_reenable
[2012.01.27 21:26:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Defogger.exe
[2012.01.27 16:03:56 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.27 00:57:30 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2012.01.26 22:07:28 | 000,001,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\slkjsdth.dat
[2012.01.22 11:45:20 | 000,036,877 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Bild 049.jpg
[2011.04.11 21:17:31 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.06 15:14:49 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.11.27 17:20:12 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.08.15 16:50:41 | 000,014,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 11:15:29 | 000,000,076 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2010.07.05 11:13:51 | 000,000,393 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2010.07.05 11:12:07 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010.07.05 11:12:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010.07.05 11:10:46 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010.06.09 14:53:24 | 001,126,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.04.23 04:31:02 | 000,065,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.21 15:36:44 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010.04.21 15:36:43 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010.04.21 13:13:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.21 21:52:10 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.06.21 17:03:16 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\setbt.exe
[2009.06.21 16:20:14 | 009,338,880 | -H-- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.06.21 16:20:14 | 000,495,616 | -H-- | C] () -- C:\WINDOWS\System32\picn.dll
[2009.06.21 16:20:14 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\image.dll
[2009.06.21 16:20:13 | 001,564,672 | -H-- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.06.21 16:20:13 | 000,655,360 | -H-- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.06.21 16:20:13 | 000,507,904 | -H-- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.06.21 16:20:13 | 000,241,752 | -H-- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.06.21 16:20:13 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.06.21 16:20:13 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.06.21 16:20:13 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.06.21 16:20:12 | 009,502,720 | -H-- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.06.21 16:20:12 | 001,974,272 | -H-- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.06.21 16:20:12 | 001,167,360 | -H-- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.06.21 16:20:12 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.06.21 16:20:12 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.06.21 16:20:12 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.06.21 16:20:10 | 000,241,664 | -H-- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.06.21 15:57:32 | 000,001,282 | -H-- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2009.06.21 15:46:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.01.16 17:55:38 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.07.21 18:30:37 | 000,001,650 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.03 01:34:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.03 01:33:08 | 003,610,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.03 00:44:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.03 00:39:50 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 04:00:00 | 000,535,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 04:00:00 | 000,483,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 04:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 04:00:00 | 000,115,726 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 04:00:00 | 000,087,090 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 04:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 04:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 04:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.09 23:36:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.09 23:35:30 | 000,004,492 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
========== LOP Check ==========
[2010.04.21 15:29:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2010.04.22 00:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.04.22 01:09:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laplink
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit
[2010.04.23 10:46:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.04.29 09:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.30 21:53:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2010.06.12 13:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.12 13:30:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.08.27 12:07:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.01.19 21:07:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2010.04.21 14:48:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Desktop Search
[2010.04.21 15:01:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Windows Search
[2010.04.22 01:10:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Spearit
[2010.05.30 21:52:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\ProtectDisc
[2010.05.31 07:56:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\mresreg
[2010.06.01 21:41:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\VSO
[2010.06.10 13:50:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\SmartTools
[2010.06.12 13:30:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\TuneUp Software
[2010.08.21 08:25:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\OCS
[2011.12.24 08:17:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\RavensburgerTipToi
[2012.01.27 21:56:02 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011.08.05 20:26:04 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\PMTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.10.16 11:56:58 | 000,000,000 | -H-D | M] -- C:\dvmexp
[2008.07.03 00:45:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2008.07.03 01:34:44 | 000,000,000 | -H-D | M] -- C:\DRIVER
[2008.07.03 00:45:30 | 000,000,000 | RH-D | M] -- C:\Programme
[2008.07.03 02:32:20 | 000,000,000 | -H-D | M] -- C:\UPDATE
[2008.07.03 01:08:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS
[2010.10.22 07:14:22 | 000,000,000 | -HSD | M] -- C:\FOUND.000
[2009.06.21 15:43:08 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.03.22 12:22:54 | 000,000,000 | -HSD | M] -- C:\FOUND.004
[2010.11.25 16:41:14 | 000,000,000 | -HSD | M] -- C:\FOUND.002
[2011.04.11 13:08:24 | 000,000,000 | -HSD | M] -- C:\FOUND.003
[2011.01.18 20:38:02 | 000,000,000 | -HSD | M] -- C:\FOUND.001
[2011.09.06 23:00:00 | 000,000,000 | -HSD | M] -- C:\FOUND.006
[2011.09.13 06:50:04 | 000,000,000 | -HSD | M] -- C:\FOUND.007
[2010.07.05 11:09:32 | 000,000,000 | -H-D | M] -- C:\Lexmark
[2011.05.12 14:24:44 | 000,000,000 | -HSD | M] -- C:\FOUND.005
[2011.10.12 19:27:48 | 000,000,000 | -HSD | M] -- C:\FOUND.008
[2011.11.11 15:59:02 | 000,000,000 | -HSD | M] -- C:\FOUND.009
[2011.12.12 19:18:04 | 000,000,000 | -HSD | M] -- C:\FOUND.010
[2012.01.11 10:46:48 | 000,000,000 | -HSD | M] -- C:\FOUND.011
[2012.01.17 16:19:22 | 000,000,000 | -HSD | M] -- C:\FOUND.012
[2012.01.26 09:45:26 | 000,000,000 | -HSD | M] -- C:\FOUND.013
[2012.01.27 07:08:40 | 000,000,000 | -HSD | M] -- C:\FOUND.014
[2009.06.21 16:19:08 | 000,000,000 | -H-D | M] -- C:\QSTART.SYS
[2009.06.21 16:19:34 | 000,000,000 | -H-D | M] -- C:\QSTART.000
[2009.06.21 16:20:00 | 000,000,000 | -H-D | M] -- C:\temp
[2009.06.21 16:33:52 | 000,000,000 | -H-D | M] -- C:\Program Files
[2009.06.21 17:02:48 | 000,000,000 | -HSD | M] -- C:\Recycled
[2010.04.21 11:47:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.21 15:36:10 | 000,000,000 | -H-D | M] -- C:\DRIVERS
[2010.04.21 16:33:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.04.22 01:49:54 | 000,000,000 | -H-D | M] -- C:\PCmover
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< MD5 for: AFD.SYS >
[2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 15:49:54 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 04:00:00 | 000,138,112 | -H-- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 15:22:48 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 17:07:58 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 12:34:26 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 16:43:02 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 12:04:36 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 15:25:06 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 13:48:04 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 13:40:08 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 15:41:46 | 000,138,496 | -H-- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: IPSEC.SYS >
[2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 04:00:00 | 000,075,264 | -H-- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
< MD5 for: REGEDIT.EXE >
[2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 04:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 04:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:14 | 001,859,712 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 11:52:28
< End of report >
EXTRAS Code:
OTL Extras logfile created on: 27.01.2012 21:37:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,19% Memory free
2,83 Gb Paging File | 2,12 Gb Available in Paging File | 74,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,89 Gb Total Space | 81,11 Gb Free Space | 78,07% Space Free | Partition Type: FAT32
Drive D: | 30,38 Gb Total Space | 29,40 Gb Free Space | 96,77% Space Free | Partition Type: NTFS
Computer Name: IDEAPAD-S12 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe" = C:\Dokumente und Einstellungen\Sarah\Desktop\AviConverterSetup.exe:*:Enabled:InstallCore™
"C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe" = C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\Xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.13 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ravensburger tiptoi" = Ravensburger tiptoi
"SmartToolsLockOutlookv2.00" = SmartTools Publishing • Outlook LockOutlook
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2012 15:45:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x00067978.
Error - 25.01.2012 03:13:34 | Computer Name = IDEAPAD-S12 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 26.01.2012 17:52:30 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
Error - 26.01.2012 17:53:09 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
Error - 26.01.2012 17:53:42 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
Error - 26.01.2012 17:54:14 | Computer Name = IDEAPAD-S12 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung sdupdate.exe, Version 1.6.0.12, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
Error - 26.01.2012 19:31:00 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 27.01.2012 11:04:07 | Computer Name = IDEAPAD-S12 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 27.01.2012 16:36:54 | Computer Name = IDEAPAD-S12 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 28.12.2010 07:50:21 | Computer Name = IDEAPAD-S12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2183
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 27.01.2012 16:20:38 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3
Error - 27.01.2012 16:21:19 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 27.01.2012 16:23:37 | Computer Name = IDEAPAD-S12 | Source = DCOM | ID = 10010
Description = Der Server "{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 27.01.2012 16:34:56 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 27.01.2012 16:42:03 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 27.01.2012 16:53:47 | Computer Name = IDEAPAD-S12 | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 27.01.2012 16:53:48 | Computer Name = IDEAPAD-S12 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
< End of report >
GMER.log Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-27 22:12:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: tjc3ltwv.exe; Driver: C:\DOKUME~1\Sarah\LOKALE~1\Temp\uwrdrpow.sys
---- Kernel code sections - GMER 1.0.15 ----
.vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA6EA769D]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[2992] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)
---- EOF - GMER 1.0.15 ----
CCleaner intall.txt Code:
7-Zip 9.13 beta
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.0.45.2
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.0.1.152
Adobe Reader 9.5.0 - Deutsch Adobe Systems Incorporated 9.5.0
ALPS Touch Pad Driver
Bonjour Apple Inc. 2.0.4.0
Broadcom Gigabit Integrated Controller Broadcom Corporation 10.52.04
Broadcom WLAN Lenovo Electronics Inc. 5.10.38.14 Round2
CCleaner Piriform 2.30
Energy Management Lenovo 3.0.2.5
ESET Online Scanner v3
HiJackThis Trend Micro 1.0.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager Intel Corporation
Java(TM) 6 Update 26 Oracle 6.0.260
Lenovo Bluetooth with Enhanced Data Rate Software Lenovo. 5.5.0.6100
Lenovo Care System Update Lenovo 3.14.0024
Lenovo EasyCamera Vimicro Corporation 1.9.0217.01
Lenovo OneKey Recovery CyberLink Corp. 6.0.2215
Lenovo Quick Start DeviceVM, Inc. 1.1.8.7
Lenovo System Repair - Windows Update Monitor Lenovo 1.3.0.2127
Lexmark 1200 Series
Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
Microsoft Office Enterprise 2007 Microsoft Corporation 12.0.6425.1000
Microsoft Office File Validation Add-In Microsoft Corporation 14.0.5130.5003
Microsoft Office Small Business Connectivity Components Microsoft Corporation 2.0.7024.0
Microsoft Security Essentials Microsoft Corporation 2.1.1116.0
Microsoft Silverlight Microsoft Corporation 4.0.60831.0
Microsoft SQL Server 2005 Microsoft Corporation
Microsoft SQL Server Native Client Microsoft Corporation 9.00.5000.00
Microsoft SQL Server VSS Writer Microsoft Corporation 9.00.5000.00
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9.0.30729.6161
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation
MSXML 6.0 Parser Microsoft Corporation 6.10.1129.0
Protect Disc License Helper 1.0.125 (IE) Protect Disc 1.0.125
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 11.0.0.14
QuickTime Apple Inc. 7.69.80.9
Ravensburger tiptoi
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5817
Security Update for Windows Search 4 - KB963093 Microsoft Corporation
SmartTools Publishing • Outlook LockOutlook SmartTools Publishing v2.00
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 9.0.0
Spybot - Search & Destroy Safer Networking Limited 1.6.2
ThinkPad Energie-Manager 1.80
Uninstall 1.0.0.1
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 9.00.5000.00
USB2.0 Card Reader Software Realtek Semiconductor Corp. 6.0.6000.81
VLC media player 1.1.9 VideoLAN 1.1.9
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 Microsoft Corporation 04.00.6001.503
|
aswMBR.exe und speichere die Datei auf deinem Desktop.