Windows aus Sicherheitsgründen blockiert

sravy · 24.03.2012, 20:13

Hallo Freunde,

bin neu in Forum und habe folgendes Problem. Ich weiß dass das Problem hier mehrmals erwähnt ist und dass ich die OTL Logs hier anhängen soll. Die lade ich hoch. Ohne internet kann ich mich richtig anmelden und mit Internetverbindung bekomme ich dieses problem.. Mit Wlan kommt immer wieder der Fehler "Windows aus Sicherheitsgründen blockiert, bezahlen und runterladen" Ich habe mozilla benutzt und ausversehen auf ein link geklickt, was zu diese Virus geführt hat.

OTL Log ist Folgendes

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.03.2012 20:05:57 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 74,58% Memory free
5,32 Gb Paging File | 4,46 Gb Available in Paging File | 83,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,75 Gb Free Space | 44,38% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 916,86 Mb Free Space | 92,80% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (TelevisionFanaticService) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120323.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120323.023\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Programme\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\: 
 
[2011.12.20 16:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 21:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 19:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 12:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 12:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 15:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 18:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.24 19:34:41 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [SkypePM] C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody = 
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 14:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 15:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 15:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 13:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 12:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 06:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 15:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 15:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 15:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 11:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 17:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 17:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2012.02.24 08:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011.12.20 10:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 10:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 10:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 10:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 19:35:25 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.24 19:35:16 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.24 19:34:51 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.24 19:34:50 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.24 19:34:40 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.24 19:34:39 | 000,019,868 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.24 19:33:45 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.24 19:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.24 15:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 13:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.24 13:18:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.23 14:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 10:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 22:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 15:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 15:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 15:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 17:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.27 23:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 19:35:13 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.24 15:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 22:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.27 23:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 15:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 12:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 20:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 20:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 19:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.21 01:41:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\toggleql.exe
[2011.12.20 17:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 17:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 17:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 17:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 17:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 17:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 17:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 17:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 17:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 17:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 17:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 17:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 17:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 17:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 17:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 17:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 17:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 17:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 17:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 17:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 17:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 17:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 17:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 17:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 16:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 12:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 12:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 12:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 12:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 12:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 12:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 12:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 12:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 12:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 12:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 12:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 12:19:14 | 000,521,856 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 11:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 11:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 11:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 10:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 10:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 10:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 10:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 10:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 10:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 10:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 10:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 10:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 10:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 10:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 10:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 10:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 10:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 09:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 09:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 09:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 09:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 13:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 02:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 02:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 02:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 02:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 03:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 10:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 11:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 15:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 10:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 12:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 10:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 16:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 11:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 15:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 13:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 11:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 11:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 15:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 11:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 11:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 11:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 13:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.24 19:34:51 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.20 11:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 11:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 13:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 17:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 12:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.24 19:34:55 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 17:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 19:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 10:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.24 15:04:58 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 18:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 17:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.24 17:47:32 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 18:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 18:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 18:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 18:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 18:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 14:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 19:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 18:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 18:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 18:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 18:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 18:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 18:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 18:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 18:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 18:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 18:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 18:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 18:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 19:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 19:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 19:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 15:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.24 19:11:09 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.24 20:05:50 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.24 19:11:09 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.24 19:34:40 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 18:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

--- --- ---

Vielendank in Voraus
Sravy

Bitte kann jemand ein Tip geben welche Fix ich für OTL geben soll.

Vielendank

hallo ich habe Malwarebytes Antimalware laufen lassen und im Anhang ist der Log.
ich kann zwar anmelden jetzt nach der Ausführung von Malwarebytessoftware und behebung aber mein Rechner ist nicht 100% Sauber.

Der Log sieht so aus

Zitat:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sravan Kumar Puppala :: MC00019325 [Administrator]
25.03.2012 17:32:16
mbam-log-2012-03-25 (17-43-19).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235764
Laufzeit: 7 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 92
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Daten: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: a[Éê°HM˜9yÓRØ€ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Daten: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 2
C:\Programme\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Dateien: 30
C:\Programme\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
(Ende)

sravy · 25.03.2012, 17:37

Nochmal OTL ausgeführt und so siehts aus

OTL_text:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200808010926\os\win32\x86\tlogpsdll.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\QuickTaskManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\ContentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AssignmentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.Settings.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\novell\novdhcp.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\: 
 
[2011.12.20 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 22:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 19:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.25 17:48:58 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody = 
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 18:21:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 17:46:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.03.25 15:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.25 15:06:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.24 16:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 16:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 14:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 13:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 07:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 16:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 12:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 18:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 18:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2011.12.20 11:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 11:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 11:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 11:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 18:21:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 18:05:42 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.25 17:50:48 | 000,020,894 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.25 17:50:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.25 17:50:26 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.25 17:49:09 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.25 17:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.25 17:05:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.25 17:03:18 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.25 15:23:21 | 000,442,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 15:23:21 | 000,367,280 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012.03.25 15:23:21 | 000,365,016 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 15:23:21 | 000,355,152 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012.03.25 15:23:21 | 000,071,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.25 15:23:21 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 15:23:21 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012.03.25 15:23:21 | 000,048,468 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012.03.25 15:06:48 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 14:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.23 15:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 11:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 23:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 16:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 18:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.28 00:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 17:50:26 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 15:06:48 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 23:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.28 00:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 16:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 13:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 21:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 21:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 20:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.20 18:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 18:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 18:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 18:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 18:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 18:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 18:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 18:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 18:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 18:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 18:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 18:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 18:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 18:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 18:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 18:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 18:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 18:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 17:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 13:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 13:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 13:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 13:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 13:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 13:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 13:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 13:19:14 | 000,638,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 12:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 12:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 12:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 11:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 11:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 11:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 11:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 11:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 11:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 11:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 11:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 11:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 11:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 11:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 11:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 11:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 11:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 10:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 10:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 10:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 10:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 14:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 03:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 03:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 03:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 03:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 04:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 11:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 12:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 11:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 13:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 11:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 17:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 12:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 14:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 12:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 12:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 16:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 12:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 12:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 12:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 14:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
[2011.12.20 12:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 12:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 14:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 18:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 13:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.25 17:50:15 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 18:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 20:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 11:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.25 15:06:47 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 19:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 18:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 15:12:34 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 15:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 20:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 20:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 20:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 20:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 16:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.25 17:45:59 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.25 18:23:48 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.25 17:45:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---

[/CODE]

OTL_Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"2967:TCP" = 2967:TCP:*:Enabled:Symantec Client Security 1
"2967:UDP" = 2967:UDP:*:Enabled:Symantec Client Security 2
"38293:UDP" = 38293:UDP:*:Enabled:Symantec Client Security 3
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{118C9AEE-A282-445C-8B56-A6B50795B8A6}" = Powerarchiver
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{15A3C0D8-3D81-4CF6-8797-E27BDE5F8573}" = ZENworks Uninstaller
"{1717FEDC-6D5A-44B7-AB98-814834F0E695}" = ZENworks Agent Bundle Management
"{176E8FD2-5BE4-47f5-A7FB-379428C0C027}" = ZENworks Patch Management Agent
"{17C573A8-D916-4166-81A6-7C5C608919CA}" = ZENworks Agent Authentication Satellite Module
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BE23A18-1B51-4F59-8326-33CA5F1294F4}" = ZENworks Primary Agent
"{1CA2B9F5-835B-46C2-8961-D52C96C613B7}" = ZENworks Imaging Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F7117E-1B6F-4EEC-8F47-FB7A142FAC12}" = ZENworks Desktop Management Agent
"{21EFE22F-B9A5-4842-9EB6-0D37442F6B9E}" = assetmanagementmodule-langs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BF03149-7323-4347-A72E-A48642C248A4}" = SMC Vorlagen für Office 2003
"{2CB10E96-23CD-4AE2-A7C4-9CF75463C174}" = ZENworks Information Icon
"{2FE4A854-6739-45B9-AF0B-270AA25215F4}" = ZENworks Agent System Update Module
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364DA896-84B4-4887-95AA-5A2953234217}" = windows-desktop-langs
"{3C189690-43B8-4E98-A2E4-3908A8F691D0}" = PDF Konverter
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C6849B6-1953-4DAF-9A8B-783FB72F3CBB}" = Novell CASA Authentication Token Client
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CD57A44-0FE0-44B5-AC1A-BDE5490FEA6F}" = status-collection-point-langs
"{4DF669B8-5B56-4174-AFDE-BE7DA0662850}" = primary-agent-langs
"{4E7344D7-84E3-4FB6-967F-DD4624D7EA9C}" = ZFD Mini Inventory
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53675532-C165-4916-BD97-59CE0DCF5D09}" = ConText
"{55A976DD-9D1A-4B70-B36B-459D7EE3D380}" = Steria ConfigMgr Local Policy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCDC863-72E2-4C1A-86B2-593018307B1C}" = zencore-agent-langs
"{6034D614-E53F-46F2-B0BC-280222D569C2}" = CASA
"{63C63A5D-44C8-4734-85D6-72D8332721E4}" = Mummert Zertifikate
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}" = See & Share
"{79EE919C-7A93-4868-8B42-EF8F9B14FFFC}" = ZENworks Status Collection Point
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87467DDA-0189-4730-A3A6-079429D1657B}" = ZENworks Agent WinProxy Module
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89FB3889-47EE-4CDA-A2DC-565C1D6CEE6C}" = QlikView x86
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90F80407-6000-11D3-8CFE-0150048383C9}" = Tool zum Entfernen verborgener Daten
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{925E8226-FBED-43FD-BC8C-41207B999AF0}" = ZENworks Extensions Libraries
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951F94FD-DDBB-4A15-B8E7-1560D3D28900}" = actions-langs
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98AA657D-9790-4454-9DB2-E8ED0EF8C571}" = Configuration Manager Client
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F74D9F-ECC1-48BB-8105-6FD5B70DD55B}" = ZENworks Agent Asset Management Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D5C59E-F97B-4665-B811-DC93635E05B0}" = ZENworks Action Utilities
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AD98F2ED-D92A-43AA-9F28-0466928AA13C}" = content-distribution-point-langs
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF2E0395-7695-41E8-AC23-D58C328126F7}" = zennotifyicon-langs
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BC9FD7FB-5929-47F7-9B24-D9237B14F26E}" = ZENworks Version Information
"{BE0B37FE-EF39-4B9C-A329-904616EE633C}" = ZENworks Action Handlers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C8FE6530-2E39-4563-A7D8-183C7FA2B76A}" = ZENworks Agent Inventory Management
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5EDF53-10D0-44F1-A25D-C7BB352AF1B8}" = Novell BorderManager 3.8.15 VPN Client
"{CBA13F11-D29E-48CC-9EBC-F122567F9119}" = Action Handler Resources
"{CD124C12-BEFD-4DBA-A915-A2F995F56B13}" = Policy Action Handler Resources
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4CAD0A4-A14D-4F70-A8CB-475776C76CF8}" = inventory-langs
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D6EA1689-AA4C-4CF6-862C-87D9877F3651}" = ZENworks Content Distribution Point
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D9CFF2FF-620F-4842-A075-8A0769816FA4}" = Novell ZENworks Adaptive Agent Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8542277-8C9D-4CC9-8D92-7C126EE7110E}" = bundle-langs
"{E855E69B-79FA-499D-866B-16B082D6D83A}" = Lotus Notes 8.0.2 de
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EC482C6E-8F7F-4187-BB4C-841E1B64022B}" = ZENworks Actions
"{EE1B5DDC-BE68-4F19-BEEE-7FFD4DD43BFD}" = ZENworks Agent Core Modules
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F48BE301-EC78-4686-B580-EE4934558798}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{F594EA1A-5603-4B82-B624-BE1F807BC8E1}" = WinProxy-langs
"{F5F97313-4454-4B49-A602-285447A55B86}" = Intel(R) PROSet/Wireless WiFi-Software
"{F6B2EDDE-108F-463B-B788-42329FE00D9E}" = Microsoft Redistributable Files (x86)
"{FB6C607F-B865-42A2-B14B-14E207F2EA90}" = QvPluginSetup
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FEAD3C72-1A18-4BAB-94FB-E508C31B2E79}" = auth-satellite-server-langs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"Connected" = Connected DataProtector
"GridinSoft Trojan Killer" = Trojan Killer
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NICI U.S./Worldwide (128 bit)" = NICI U.S./Worldwide 1.7.0 (128 bit)
"Novell Client for Windows" = Novell Client für Windows
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"PPTView97" = Microsoft PowerPoint Viewer 97
"ProInst" = Intel PROSet Wireless
"RDC" = RDC
"SAP_ALD80" = Adobe LiveCycle Designer 8.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TreeSize Professional_is1" = TreeSize Professional 4.3
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENworks" = Novell ZENworks
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2012 05:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 06:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 07:11:46 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 08:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 09:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 15:08:07 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 02:33:26 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 23.03.2012 05:23:37 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
[ Lumension Events ]
Error - 15.03.2012 14:11:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:12:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:13:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:14:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:15:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:16:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 17.03.2012 05:06:54 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 19.03.2012 05:07:56 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 24.03.2012 07:20:40 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 25.03.2012 09:25:55 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ PatchLink Events ]
Error - 03.01.2012 11:33:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 04.01.2012 10:26:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 06.01.2012 04:45:50 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 08.01.2012 03:15:00 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ System Events ]
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:46 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:48 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:58:03 | Computer Name = MC00019325 | Source = NapAgent | ID = 30
Description = Der System-Integritäts-Agent 79745 hat den Fehlercode FailureCategory
 Other zurückgeliefert.
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 16.03.2012 01:37:57 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
 
< End of report >

--- --- ---

[/CODE]

cosinus · 25.03.2012, 17:38

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

sravy · 25.03.2012, 17:38

Nochmal OTL ausgeführt und so siehts aus:

OTL_text:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200808010926\os\win32\x86\tlogpsdll.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\QuickTaskManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\ContentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AssignmentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.Settings.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\novell\novdhcp.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\: 
 
[2011.12.20 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 22:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 19:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.25 17:48:58 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody = 
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 18:21:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 17:46:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.03.25 15:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.25 15:06:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.24 16:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 16:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 14:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 13:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 07:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 16:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 12:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 18:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 18:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2011.12.20 11:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 11:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 11:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 11:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 18:21:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 18:05:42 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.25 17:50:48 | 000,020,894 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.25 17:50:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.25 17:50:26 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.25 17:49:09 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.25 17:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.25 17:05:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.25 17:03:18 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.25 15:23:21 | 000,442,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 15:23:21 | 000,367,280 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012.03.25 15:23:21 | 000,365,016 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 15:23:21 | 000,355,152 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012.03.25 15:23:21 | 000,071,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.25 15:23:21 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 15:23:21 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012.03.25 15:23:21 | 000,048,468 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012.03.25 15:06:48 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 14:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.23 15:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 11:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 23:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 16:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 18:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.28 00:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 17:50:26 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 15:06:48 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 23:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.28 00:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 16:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 13:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 21:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 21:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 20:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.20 18:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 18:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 18:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 18:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 18:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 18:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 18:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 18:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 18:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 18:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 18:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 18:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 18:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 18:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 18:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 18:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 18:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 18:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 17:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 13:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 13:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 13:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 13:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 13:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 13:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 13:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 13:19:14 | 000,638,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 12:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 12:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 12:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 11:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 11:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 11:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 11:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 11:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 11:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 11:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 11:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 11:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 11:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 11:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 11:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 11:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 11:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 10:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 10:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 10:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 10:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 14:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 03:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 03:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 03:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 03:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 04:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 11:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 12:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 11:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 13:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 11:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 17:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 12:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 14:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 12:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 12:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 16:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 12:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 12:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 12:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 14:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
[2011.12.20 12:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 12:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 14:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 18:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 13:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.25 17:50:15 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 18:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 20:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 11:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.25 15:06:47 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 19:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 18:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 15:12:34 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 15:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 20:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 20:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 20:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 20:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 16:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.25 17:45:59 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.25 18:23:48 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.25 17:45:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---

[/CODE]

OTL_Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"2967:TCP" = 2967:TCP:*:Enabled:Symantec Client Security 1
"2967:UDP" = 2967:UDP:*:Enabled:Symantec Client Security 2
"38293:UDP" = 38293:UDP:*:Enabled:Symantec Client Security 3
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{118C9AEE-A282-445C-8B56-A6B50795B8A6}" = Powerarchiver
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{15A3C0D8-3D81-4CF6-8797-E27BDE5F8573}" = ZENworks Uninstaller
"{1717FEDC-6D5A-44B7-AB98-814834F0E695}" = ZENworks Agent Bundle Management
"{176E8FD2-5BE4-47f5-A7FB-379428C0C027}" = ZENworks Patch Management Agent
"{17C573A8-D916-4166-81A6-7C5C608919CA}" = ZENworks Agent Authentication Satellite Module
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BE23A18-1B51-4F59-8326-33CA5F1294F4}" = ZENworks Primary Agent
"{1CA2B9F5-835B-46C2-8961-D52C96C613B7}" = ZENworks Imaging Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F7117E-1B6F-4EEC-8F47-FB7A142FAC12}" = ZENworks Desktop Management Agent
"{21EFE22F-B9A5-4842-9EB6-0D37442F6B9E}" = assetmanagementmodule-langs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BF03149-7323-4347-A72E-A48642C248A4}" = SMC Vorlagen für Office 2003
"{2CB10E96-23CD-4AE2-A7C4-9CF75463C174}" = ZENworks Information Icon
"{2FE4A854-6739-45B9-AF0B-270AA25215F4}" = ZENworks Agent System Update Module
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364DA896-84B4-4887-95AA-5A2953234217}" = windows-desktop-langs
"{3C189690-43B8-4E98-A2E4-3908A8F691D0}" = PDF Konverter
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C6849B6-1953-4DAF-9A8B-783FB72F3CBB}" = Novell CASA Authentication Token Client
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CD57A44-0FE0-44B5-AC1A-BDE5490FEA6F}" = status-collection-point-langs
"{4DF669B8-5B56-4174-AFDE-BE7DA0662850}" = primary-agent-langs
"{4E7344D7-84E3-4FB6-967F-DD4624D7EA9C}" = ZFD Mini Inventory
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53675532-C165-4916-BD97-59CE0DCF5D09}" = ConText
"{55A976DD-9D1A-4B70-B36B-459D7EE3D380}" = Steria ConfigMgr Local Policy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCDC863-72E2-4C1A-86B2-593018307B1C}" = zencore-agent-langs
"{6034D614-E53F-46F2-B0BC-280222D569C2}" = CASA
"{63C63A5D-44C8-4734-85D6-72D8332721E4}" = Mummert Zertifikate
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}" = See & Share
"{79EE919C-7A93-4868-8B42-EF8F9B14FFFC}" = ZENworks Status Collection Point
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87467DDA-0189-4730-A3A6-079429D1657B}" = ZENworks Agent WinProxy Module
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89FB3889-47EE-4CDA-A2DC-565C1D6CEE6C}" = QlikView x86
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90F80407-6000-11D3-8CFE-0150048383C9}" = Tool zum Entfernen verborgener Daten
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{925E8226-FBED-43FD-BC8C-41207B999AF0}" = ZENworks Extensions Libraries
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951F94FD-DDBB-4A15-B8E7-1560D3D28900}" = actions-langs
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98AA657D-9790-4454-9DB2-E8ED0EF8C571}" = Configuration Manager Client
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F74D9F-ECC1-48BB-8105-6FD5B70DD55B}" = ZENworks Agent Asset Management Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D5C59E-F97B-4665-B811-DC93635E05B0}" = ZENworks Action Utilities
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AD98F2ED-D92A-43AA-9F28-0466928AA13C}" = content-distribution-point-langs
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF2E0395-7695-41E8-AC23-D58C328126F7}" = zennotifyicon-langs
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BC9FD7FB-5929-47F7-9B24-D9237B14F26E}" = ZENworks Version Information
"{BE0B37FE-EF39-4B9C-A329-904616EE633C}" = ZENworks Action Handlers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C8FE6530-2E39-4563-A7D8-183C7FA2B76A}" = ZENworks Agent Inventory Management
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5EDF53-10D0-44F1-A25D-C7BB352AF1B8}" = Novell BorderManager 3.8.15 VPN Client
"{CBA13F11-D29E-48CC-9EBC-F122567F9119}" = Action Handler Resources
"{CD124C12-BEFD-4DBA-A915-A2F995F56B13}" = Policy Action Handler Resources
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4CAD0A4-A14D-4F70-A8CB-475776C76CF8}" = inventory-langs
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D6EA1689-AA4C-4CF6-862C-87D9877F3651}" = ZENworks Content Distribution Point
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D9CFF2FF-620F-4842-A075-8A0769816FA4}" = Novell ZENworks Adaptive Agent Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8542277-8C9D-4CC9-8D92-7C126EE7110E}" = bundle-langs
"{E855E69B-79FA-499D-866B-16B082D6D83A}" = Lotus Notes 8.0.2 de
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EC482C6E-8F7F-4187-BB4C-841E1B64022B}" = ZENworks Actions
"{EE1B5DDC-BE68-4F19-BEEE-7FFD4DD43BFD}" = ZENworks Agent Core Modules
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F48BE301-EC78-4686-B580-EE4934558798}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{F594EA1A-5603-4B82-B624-BE1F807BC8E1}" = WinProxy-langs
"{F5F97313-4454-4B49-A602-285447A55B86}" = Intel(R) PROSet/Wireless WiFi-Software
"{F6B2EDDE-108F-463B-B788-42329FE00D9E}" = Microsoft Redistributable Files (x86)
"{FB6C607F-B865-42A2-B14B-14E207F2EA90}" = QvPluginSetup
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FEAD3C72-1A18-4BAB-94FB-E508C31B2E79}" = auth-satellite-server-langs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"Connected" = Connected DataProtector
"GridinSoft Trojan Killer" = Trojan Killer
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NICI U.S./Worldwide (128 bit)" = NICI U.S./Worldwide 1.7.0 (128 bit)
"Novell Client for Windows" = Novell Client für Windows
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"PPTView97" = Microsoft PowerPoint Viewer 97
"ProInst" = Intel PROSet Wireless
"RDC" = RDC
"SAP_ALD80" = Adobe LiveCycle Designer 8.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TreeSize Professional_is1" = TreeSize Professional 4.3
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENworks" = Novell ZENworks
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2012 05:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 06:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 07:11:46 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 08:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 09:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 15:08:07 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 02:33:26 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 23.03.2012 05:23:37 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
[ Lumension Events ]
Error - 15.03.2012 14:11:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:12:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:13:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:14:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:15:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:16:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =   Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 17.03.2012 05:06:54 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 19.03.2012 05:07:56 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 24.03.2012 07:20:40 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 25.03.2012 09:25:55 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ PatchLink Events ]
Error - 03.01.2012 11:33:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 04.01.2012 10:26:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 06.01.2012 04:45:50 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 08.01.2012 03:15:00 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =     Error occurred posting detection to PLUS (incremental diff) - 
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ System Events ]
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:46 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:25:48 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:58:03 | Computer Name = MC00019325 | Source = NapAgent | ID = 30
Description = Der System-Integritäts-Agent 79745 hat den Fehlercode FailureCategory
 Other zurückgeliefert.
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 16.03.2012 01:37:57 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
 
< End of report >

--- --- ---

[/CODE]

Danke für Hilfe in voraus

cosinus · 25.03.2012, 18:13

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = http://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad/wpad.dat
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody =
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sravy · 25.03.2012, 19:02

Dankeschön für die Hilfe.

ich habe OTL Fix gemacht und der Log sieht so aus:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZCM Install Helper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\CompatibleRUPSecurity deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousMachineGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousUserGroupPolicy deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Home deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Fullscreen deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Tools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Print deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Edit deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Cut deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Copy deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Paste deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Encoding deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WarningMsgInBody deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7606a47c-52f5-11e1-a04e-028037ec0200}\ not found.
File E:\Toshiba\more4you.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8140258f-3a1f-11e1-a010-60d819c0da1b}\ not found.
File E:\Toshiba\Launcher\start.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\Avenger folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 20206629 bytes
->Temporary Internet Files folder emptied: 42100 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 89441015 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43146 bytes
 
User: Sravan Kumar Puppala
->Temp folder emptied: 67550723 bytes
->Temporary Internet Files folder emptied: 86417206 bytes
->Java cache emptied: 1683626 bytes
->Flash cache emptied: 35348 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3011718 bytes
%systemroot%\System32 .tmp files removed: 275335 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2711997 bytes
Session Manager Temp folder emptied: 1213731011 bytes
Session Manager Tmp folder emptied: 94208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 752471865 bytes
 
Total Files Cleaned = 2.134,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03252012_195040

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VXVMIEUH\112237-windows-sicherheitsgruenden-blockiert[1].html moved successfully.
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDXEJF2V\adsCAYJCN6W.htm moved successfully.
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5PFWIQOD\ads[1].htm moved successfully.
File move failed. D:\Temp\BtwEventTrace_5_6_0_6500.etl scheduled to be moved on reboot.
File\Folder D:\Temp\~DF72C0.tmp not found!
File\Folder D:\Temp\~DF9153.tmp not found!

Registry entries deleted on Reboot...

Nochmal malware ausgeführt und
die Logdatei ist

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sravan Kumar Puppala :: MC00019325 [Administrator]

25.03.2012 20:03:36
mbam-log-2012-03-25 (20-11-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234261
Laufzeit: 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

was könnte ich noch machen?

vielendank

cosinus · 26.03.2012, 12:11

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

sravy · 26.03.2012, 20:53

Hi danke nochmal für die Antwort

Code:

ATTFilter

21:49:22.0656 4156	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:49:22.0859 4156	============================================================
21:49:22.0859 4156	Current date / time: 2012/03/26 21:49:22.0859
21:49:22.0859 4156	SystemInfo:
21:49:22.0859 4156	
21:49:22.0859 4156	OS Version: 5.1.2600 ServicePack: 3.0
21:49:22.0859 4156	Product type: Workstation
21:49:22.0859 4156	ComputerName: MC00019325
21:49:22.0859 4156	UserName: Sravan Kumar Puppala
21:49:22.0859 4156	Windows directory: C:\WINDOWS
21:49:22.0859 4156	System windows directory: C:\WINDOWS
21:49:22.0859 4156	Processor architecture: Intel x86
21:49:22.0859 4156	Number of processors: 4
21:49:22.0859 4156	Page size: 0x1000
21:49:22.0859 4156	Boot type: Normal boot
21:49:22.0859 4156	============================================================
21:49:23.0656 4156	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:23.0656 4156	\Device\Harddisk0\DR0:
21:49:23.0656 4156	MBR used
21:49:23.0656 4156	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5000000
21:49:23.0656 4156	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5000800, BlocksNum 0x35284800
21:49:23.0656 4156	\Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A285000, BlocksNum 0x100800
21:49:23.0734 4156	Initialize success
21:49:23.0734 4156	============================================================
21:50:19.0328 7060	============================================================
21:50:19.0328 7060	Scan started
21:50:19.0328 7060	Mode: Manual; SigCheck; TDLFS; 
21:50:19.0328 7060	============================================================
21:50:19.0890 7060	Abiosdsk - ok
21:50:19.0906 7060	abp480n5 - ok
21:50:19.0968 7060	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:20.0500 7060	ACPI - ok
21:50:20.0531 7060	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:50:20.0656 7060	ACPIEC - ok
21:50:20.0718 7060	AcPrfMgrSvc     (02150acb98286c98cd00a3b5d0daea44) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:50:20.0734 7060	AcPrfMgrSvc - ok
21:50:20.0750 7060	AcSvc           (bf7d32fa7ceba8fab34049dbc8631b2e) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
21:50:20.0765 7060	AcSvc - ok
21:50:20.0781 7060	adpu160m - ok
21:50:20.0828 7060	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:50:20.0921 7060	aec - ok
21:50:20.0953 7060	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:50:20.0968 7060	AFD - ok
21:50:21.0000 7060	AgentSrv - ok
21:50:21.0015 7060	Aha154x - ok
21:50:21.0031 7060	aic78u2 - ok
21:50:21.0046 7060	aic78xx - ok
21:50:21.0062 7060	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:50:21.0250 7060	Alerter - ok
21:50:21.0265 7060	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:50:21.0359 7060	ALG - ok
21:50:21.0375 7060	AliIde - ok
21:50:21.0375 7060	amsint - ok
21:50:21.0390 7060	ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:50:21.0421 7060	ANC ( UnsignedFile.Multi.Generic ) - warning
21:50:21.0421 7060	ANC - detected UnsignedFile.Multi.Generic (1)
21:50:21.0421 7060	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
21:50:21.0531 7060	AppMgmt - ok
21:50:21.0531 7060	asc - ok
21:50:21.0546 7060	asc3350p - ok
21:50:21.0562 7060	asc3550 - ok
21:50:21.0625 7060	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:50:21.0750 7060	aspnet_state - ok
21:50:21.0781 7060	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:21.0953 7060	AsyncMac - ok
21:50:21.0984 7060	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:22.0140 7060	atapi - ok
21:50:22.0156 7060	Atdisk - ok
21:50:22.0171 7060	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:22.0218 7060	Atmarpc - ok
21:50:22.0250 7060	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:50:22.0296 7060	AudioSrv - ok
21:50:22.0312 7060	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:22.0359 7060	audstub - ok
21:50:22.0375 7060	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:50:22.0421 7060	Beep - ok
21:50:22.0453 7060	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:50:22.0515 7060	BITS - ok
21:50:22.0562 7060	BlankScr        (0d266f08aed52d9b17b3c61be01dd576) C:\WINDOWS\system32\drivers\BlankScr.sys
21:50:22.0562 7060	BlankScr ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0562 7060	BlankScr - detected UnsignedFile.Multi.Generic (1)
21:50:22.0593 7060	BM              (7351f1dbfe9284f632c4ea47b355b061) C:\WINDOWS\system32\DRIVERS\vptunnel.sys
21:50:22.0609 7060	BM ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0609 7060	BM - detected UnsignedFile.Multi.Generic (1)
21:50:22.0640 7060	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:50:22.0687 7060	Browser - ok
21:50:22.0703 7060	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
21:50:22.0718 7060	BrScnUsb - ok
21:50:22.0750 7060	BrYNSvc         (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Programme\Browny02\BrYNSvc.exe
21:50:22.0765 7060	BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0765 7060	BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:50:22.0812 7060	btaudio         (4c1e8749d280f9b8e41c4eff6a6bbc04) C:\WINDOWS\system32\drivers\btaudio.sys
21:50:22.0843 7060	btaudio - ok
21:50:22.0875 7060	BTDriver        (a47b37b97f9348e81a60c44b99011416) C:\WINDOWS\system32\DRIVERS\btport.sys
21:50:22.0875 7060	BTDriver - ok
21:50:22.0921 7060	BTKRNL          (658548bdda675ae2e36aa5604f8e9549) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:50:22.0968 7060	BTKRNL - ok
21:50:23.0046 7060	btwdins         (4b9e1a7798a80d075f53d1049fd4dab0) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:50:23.0078 7060	btwdins - ok
21:50:23.0093 7060	BTWDNDIS        (eb80e51cb4045571066d8ad1871e284e) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
21:50:23.0109 7060	BTWDNDIS - ok
21:50:23.0140 7060	BTWUSB          (083497b731aa32288a9a84b49757307c) C:\WINDOWS\system32\Drivers\btwusb.sys
21:50:23.0140 7060	BTWUSB - ok
21:50:23.0187 7060	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:50:23.0250 7060	cbidf2k - ok
21:50:23.0296 7060	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:50:23.0359 7060	CCDECODE - ok
21:50:23.0390 7060	ccEvtMgr        (260a069f403da226d18c058ad14fd3a3) C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
21:50:23.0406 7060	ccEvtMgr - ok
21:50:23.0453 7060	CcmExec         (a454a9baa25b8c8e76735dd86bd4b017) C:\WINDOWS\system32\CCM\CcmExec.exe
21:50:23.0531 7060	CcmExec - ok
21:50:23.0531 7060	ccSetMgr        (260a069f403da226d18c058ad14fd3a3) C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
21:50:23.0546 7060	ccSetMgr - ok
21:50:23.0562 7060	cd20xrnt - ok
21:50:23.0578 7060	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:50:23.0687 7060	Cdaudio - ok
21:50:23.0718 7060	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:50:23.0765 7060	Cdfs - ok
21:50:23.0781 7060	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:50:23.0843 7060	Cdrom - ok
21:50:23.0859 7060	Changer - ok
21:50:23.0875 7060	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:50:23.0921 7060	CiSvc - ok
21:50:23.0937 7060	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:50:23.0984 7060	ClipSrv - ok
21:50:24.0031 7060	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:24.0062 7060	clr_optimization_v2.0.50727_32 - ok
21:50:24.0093 7060	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:50:24.0234 7060	CmBatt - ok
21:50:24.0250 7060	CmdIde - ok
21:50:24.0296 7060	CnxtHdAudService (108d22ae4b97307668ae5f951aed72d1) C:\WINDOWS\system32\drivers\CHDRT32.sys
21:50:24.0390 7060	CnxtHdAudService - ok
21:50:24.0437 7060	COH_Mon         (de88a385898f6d13026f94f749fbaed2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
21:50:24.0468 7060	COH_Mon - ok
21:50:24.0500 7060	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:50:24.0562 7060	Compbatt - ok
21:50:24.0562 7060	COMSysApp - ok
21:50:24.0578 7060	Cpqarray - ok
21:50:24.0609 7060	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:50:24.0750 7060	CryptSvc - ok
21:50:24.0765 7060	cusrvc          (ccdf15672bfdadef3b39e249fed23298) C:\WINDOWS\system32\cusrvc.exe
21:50:24.0781 7060	cusrvc ( UnsignedFile.Multi.Generic ) - warning
21:50:24.0781 7060	cusrvc - detected UnsignedFile.Multi.Generic (1)
21:50:24.0796 7060	dac2w2k - ok
21:50:24.0796 7060	dac960nt - ok
21:50:24.0812 7060	Darpan          (566cca06fb1b98dff3e9eea563b6334e) C:\WINDOWS\system32\DRIVERS\Darpan.sys
21:50:24.0812 7060	Darpan ( UnsignedFile.Multi.Generic ) - warning
21:50:24.0812 7060	Darpan - detected UnsignedFile.Multi.Generic (1)
21:50:24.0859 7060	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:50:24.0921 7060	DcomLaunch - ok
21:50:24.0968 7060	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:50:25.0046 7060	Dhcp - ok
21:50:25.0062 7060	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:50:25.0250 7060	Disk - ok
21:50:25.0250 7060	dmadmin - ok
21:50:25.0281 7060	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:50:25.0390 7060	dmboot - ok
21:50:25.0406 7060	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:50:25.0484 7060	dmio - ok
21:50:25.0484 7060	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:50:25.0578 7060	dmload - ok
21:50:25.0609 7060	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:50:25.0656 7060	dmserver - ok
21:50:25.0718 7060	DMService       (4e82a6c63af27769d116eab576e5357e) C:\WINDOWS\DOWNLO~1\DMService.exe
21:50:25.0796 7060	DMService - ok
21:50:25.0828 7060	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:50:25.0937 7060	DMusic - ok
21:50:25.0968 7060	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:50:25.0984 7060	Dnscache - ok
21:50:26.0015 7060	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:50:26.0125 7060	Dot3svc - ok
21:50:26.0156 7060	DozeHDD         (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
21:50:26.0171 7060	DozeHDD - ok
21:50:26.0218 7060	DozeSvc         (a4ecdd165b0f7ee9e44a569881f4ca6d) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
21:50:26.0328 7060	DozeSvc - ok
21:50:26.0343 7060	dpti2o - ok
21:50:26.0359 7060	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:50:26.0453 7060	drmkaud - ok
21:50:26.0484 7060	e1cexpress      (f1ebf5b469f38379285e79b043527cfd) C:\WINDOWS\system32\DRIVERS\e1c5132.sys
21:50:26.0515 7060	e1cexpress - ok
21:50:26.0531 7060	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:50:26.0687 7060	EapHost - ok
21:50:26.0734 7060	eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
21:50:26.0765 7060	eeCtrl - ok
21:50:26.0812 7060	EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:50:26.0812 7060	EraserUtilRebootDrv - ok
21:50:26.0828 7060	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:50:27.0000 7060	ERSvc - ok
21:50:27.0031 7060	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:50:27.0062 7060	Eventlog - ok
21:50:27.0093 7060	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
21:50:27.0125 7060	EventSystem - ok
21:50:27.0187 7060	EvtEng          (fe29bbf76408f47bbfef0e2cd5ccb891) C:\Programme\Intel\WiFi\bin\EvtEng.exe
21:50:27.0250 7060	EvtEng - ok
21:50:27.0296 7060	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:50:27.0343 7060	Fastfat - ok
21:50:27.0375 7060	FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:27.0453 7060	FastUserSwitchingCompatibility - ok
21:50:27.0484 7060	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:50:27.0625 7060	Fdc - ok
21:50:27.0640 7060	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:50:27.0765 7060	Fips - ok
21:50:27.0781 7060	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:50:27.0828 7060	Flpydisk - ok
21:50:27.0843 7060	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:50:27.0968 7060	FltMgr - ok
21:50:28.0015 7060	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:50:28.0015 7060	FontCache3.0.0.0 - ok
21:50:28.0031 7060	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:50:28.0078 7060	Fs_Rec - ok
21:50:28.0093 7060	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:50:28.0140 7060	Ftdisk - ok
21:50:28.0156 7060	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:50:28.0218 7060	Gpc - ok
21:50:28.0234 7060	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:50:28.0281 7060	HDAudBus - ok
21:50:28.0312 7060	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:50:28.0468 7060	helpsvc - ok
21:50:28.0468 7060	HidServ - ok
21:50:28.0484 7060	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:50:28.0578 7060	hidusb - ok
21:50:28.0593 7060	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:50:28.0640 7060	hkmsvc - ok
21:50:28.0656 7060	hpn - ok
21:50:28.0671 7060	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
21:50:28.0750 7060	HTTP - ok
21:50:28.0765 7060	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:50:28.0843 7060	HTTPFilter - ok
21:50:28.0859 7060	i2omgmt - ok
21:50:28.0859 7060	i2omp - ok
21:50:28.0875 7060	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:50:28.0937 7060	i8042prt - ok
21:50:28.0968 7060	iaStor          (f4037a3fedb92dd97c95f320766ea5c9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:50:28.0984 7060	iaStor - ok
21:50:29.0015 7060	IBMPMDRV        (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:50:29.0015 7060	IBMPMDRV - ok
21:50:29.0046 7060	IBMPMSVC        (495f184a29b80b51735bcee91d84fe8f) C:\WINDOWS\system32\ibmpmsvc.exe
21:50:29.0062 7060	IBMPMSVC - ok
21:50:29.0093 7060	IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:50:29.0125 7060	IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:50:29.0125 7060	IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:50:29.0187 7060	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:50:29.0281 7060	idsvc - ok
21:50:29.0359 7060	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:50:29.0453 7060	Imapi - ok
21:50:29.0468 7060	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:50:29.0609 7060	ImapiService - ok
21:50:29.0625 7060	ini910u - ok
21:50:29.0625 7060	IntelIde - ok
21:50:29.0656 7060	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:50:29.0828 7060	intelppm - ok
21:50:29.0875 7060	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:50:29.0937 7060	Ip6Fw - ok
21:50:29.0968 7060	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:50:30.0078 7060	IpFilterDriver - ok
21:50:30.0109 7060	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:50:30.0171 7060	IpInIp - ok
21:50:30.0203 7060	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:50:30.0265 7060	IpNat - ok
21:50:30.0296 7060	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:50:30.0359 7060	IPSec - ok
21:50:30.0390 7060	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:50:30.0437 7060	IRENUM - ok
21:50:30.0468 7060	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:50:30.0562 7060	isapnp - ok
21:50:30.0609 7060	IviRegMgr       (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
21:50:30.0640 7060	IviRegMgr - ok
21:50:30.0703 7060	JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Programme\Java\jre6\bin\jqs.exe
21:50:30.0750 7060	JavaQuickStarterService - ok
21:50:30.0765 7060	jhi_service     (6faf199fdffdd2376973143c3e012765) C:\Programme\Intel\Services\IPT\jhi_service.exe
21:50:30.0875 7060	jhi_service - ok
21:50:30.0906 7060	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:50:31.0093 7060	Kbdclass - ok
21:50:31.0109 7060	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:50:31.0265 7060	kbdhid - ok
21:50:31.0296 7060	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:50:31.0453 7060	kmixer - ok
21:50:31.0484 7060	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
21:50:31.0656 7060	KSecDD - ok
21:50:31.0687 7060	l36wgps         (31c584c4f630b253cceaea12ab930b64) C:\WINDOWS\system32\DRIVERS\l36wgps.sys
21:50:31.0687 7060	l36wgps - ok
21:50:31.0734 7060	LanmanServer    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
21:50:31.0781 7060	LanmanServer - ok
21:50:31.0812 7060	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:50:31.0828 7060	lanmanworkstation - ok
21:50:31.0843 7060	lbrtfdc - ok
21:50:31.0875 7060	LENOVO.CAMMUTE  (1ef45f1bd62b8f4c19458326a3e91930) C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
21:50:31.0890 7060	LENOVO.CAMMUTE - ok
21:50:31.0921 7060	Lenovo.micmute  (fce735941da27929dbfc1918f286ffd8) C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
21:50:31.0937 7060	Lenovo.micmute - ok
21:50:31.0937 7060	lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
21:50:31.0953 7060	lenovo.smi - ok
21:50:32.0015 7060	LiveUpdate      (6105b28f5d03c4affa7197b228768849) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:50:32.0171 7060	LiveUpdate - ok
21:50:32.0218 7060	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:50:32.0312 7060	LmHosts - ok
21:50:32.0359 7060	LMS             (97f9eaac985a663394cd8f54dcd3e73a) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:50:32.0390 7060	LMS - ok
21:50:32.0421 7060	Lotus Notes Single Logon (ffe3026a0f10495252787f1a9e3543d9) C:\Notes\nslsvice.exe
21:50:32.0453 7060	Lotus Notes Single Logon - ok
21:50:32.0484 7060	Mbm4bus         (ff43f7be79b9039bd115702a3d9a9731) C:\WINDOWS\system32\DRIVERS\Mbm4bus.sys
21:50:32.0500 7060	Mbm4bus - ok
21:50:32.0515 7060	Mbm4mdfl        (ae7226900cd8a4cd7a20c904652e5d3c) C:\WINDOWS\system32\DRIVERS\Mbm4mdfl.sys
21:50:32.0531 7060	Mbm4mdfl - ok
21:50:32.0578 7060	Mbm4mdm         (a1c0e4fd7fa43954b914e3737390a494) C:\WINDOWS\system32\DRIVERS\Mbm4mdm.sys
21:50:32.0593 7060	Mbm4mdm - ok
21:50:32.0625 7060	Mbm4mgmt        (c66ddeede078244fd9d885d6f7bb419a) C:\WINDOWS\system32\DRIVERS\Mbm4mgmt.sys
21:50:32.0640 7060	Mbm4mgmt - ok
21:50:32.0656 7060	Mbm4NNd5        (725b9eb865aeba0cdbb3f3c0077ee645) C:\WINDOWS\system32\DRIVERS\Mbm4NNd5.sys
21:50:32.0656 7060	Mbm4NNd5 - ok
21:50:32.0687 7060	Mbm4NUn         (99cc98a0902ffcf99764d14a1fba02d8) C:\WINDOWS\system32\DRIVERS\Mbm4NUn.sys
21:50:32.0734 7060	Mbm4NUn - ok
21:50:32.0781 7060	MEI             (d86ac00883b9c98b570e7643aaf8e554) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:50:32.0828 7060	MEI - ok
21:50:32.0843 7060	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:50:33.0000 7060	Messenger - ok
21:50:33.0046 7060	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:50:33.0187 7060	mnmdd - ok
21:50:33.0203 7060	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
21:50:33.0359 7060	mnmsrvc - ok
21:50:33.0390 7060	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:50:33.0468 7060	Modem - ok
21:50:33.0484 7060	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:50:33.0546 7060	Mouclass - ok
21:50:33.0562 7060	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:50:33.0625 7060	mouhid - ok
21:50:33.0640 7060	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:50:33.0687 7060	MountMgr - ok
21:50:33.0703 7060	mraid35x - ok
21:50:33.0703 7060	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:50:33.0781 7060	MRxDAV - ok
21:50:33.0812 7060	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:50:33.0843 7060	MRxSmb - ok
21:50:33.0859 7060	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
21:50:33.0921 7060	MSDTC - ok
21:50:33.0937 7060	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:50:34.0031 7060	Msfs - ok
21:50:34.0031 7060	MSIServer - ok
21:50:34.0062 7060	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:50:34.0125 7060	MSKSSRV - ok
21:50:34.0156 7060	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:50:34.0234 7060	MSPCLOCK - ok
21:50:34.0250 7060	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:50:34.0359 7060	MSPQM - ok
21:50:34.0375 7060	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:50:34.0484 7060	mssmbios - ok
21:50:34.0515 7060	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:50:34.0625 7060	MSTEE - ok
21:50:34.0640 7060	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:50:34.0671 7060	Mup - ok
21:50:34.0687 7060	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:50:34.0828 7060	NABTSFEC - ok
21:50:34.0875 7060	NALNTSERVICE    (314b1149a560fae07a0c697f9d3d7c97) C:\Programme\Novell\ZENworks\nalntsrv.exe
21:50:34.0906 7060	NALNTSERVICE ( UnsignedFile.Multi.Generic ) - warning
21:50:34.0906 7060	NALNTSERVICE - detected UnsignedFile.Multi.Generic (1)
21:50:34.0921 7060	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:50:35.0062 7060	napagent - ok
21:50:35.0156 7060	NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.002\NAVENG.SYS
21:50:35.0187 7060	NAVENG - ok
21:50:35.0234 7060	NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.002\NAVEX15.SYS
21:50:35.0343 7060	NAVEX15 - ok
21:50:35.0390 7060	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:50:35.0546 7060	NDIS - ok
21:50:35.0578 7060	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:50:35.0750 7060	NdisIP - ok
21:50:35.0781 7060	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:50:35.0812 7060	NdisTapi - ok
21:50:35.0828 7060	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:50:35.0921 7060	Ndisuio - ok
21:50:35.0937 7060	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:50:36.0000 7060	NdisWan - ok
21:50:36.0046 7060	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:50:36.0078 7060	NDProxy - ok
21:50:36.0078 7060	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:50:36.0140 7060	NetBIOS - ok
21:50:36.0156 7060	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:50:36.0218 7060	NetBT - ok
21:50:36.0250 7060	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:50:36.0328 7060	NetDDE - ok
21:50:36.0328 7060	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:50:36.0406 7060	NetDDEdsdm - ok
21:50:36.0421 7060	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:36.0468 7060	Netlogon - ok
21:50:36.0484 7060	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:50:36.0578 7060	Netman - ok
21:50:36.0640 7060	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:36.0656 7060	NetTcpPortSharing - ok
21:50:36.0703 7060	NetwareWorkstation (a48f743759ea1c7917eb21cadf75f566) C:\WINDOWS\system32\NetWare\nwfs.sys
21:50:36.0734 7060	NetwareWorkstation ( UnsignedFile.Multi.Generic ) - warning
21:50:36.0734 7060	NetwareWorkstation - detected UnsignedFile.Multi.Generic (1)
21:50:36.0906 7060	NETwNx32        (32e6902485c5add8e4c6cd21545d5133) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
21:50:37.0203 7060	NETwNx32 - ok
21:50:37.0250 7060	NICICCS         (93c697a3e20026f1778776e853208e6f) C:\WINDOWS\system32\drivers\NICICCS.sys
21:50:37.0281 7060	NICICCS ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0281 7060	NICICCS - detected UnsignedFile.Multi.Generic (1)
21:50:37.0296 7060	NICM            (d686538f37dff96042047930650ac88d) C:\WINDOWS\system32\drivers\nicm.sys
21:50:37.0312 7060	NICM ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0312 7060	NICM - detected UnsignedFile.Multi.Generic (1)
21:50:37.0375 7060	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:50:37.0406 7060	Nla - ok
21:50:37.0453 7060	NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
21:50:37.0515 7060	NMIndexingService - ok
21:50:37.0562 7060	Novell Identity Store (0fbaacfa6fc27a100d56c22aa655edf7) C:\Programme\Novell\CASA\bin\micasad.exe
21:50:37.0578 7060	Novell Identity Store ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0578 7060	Novell Identity Store - detected UnsignedFile.Multi.Generic (1)
21:50:37.0625 7060	Novell ZENworks Agent Service (f64dbf67e80c112d7f35d78979e01cf5) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
21:50:37.0625 7060	Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0625 7060	Novell ZENworks Agent Service - detected UnsignedFile.Multi.Generic (1)
21:50:37.0656 7060	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:50:37.0703 7060	Npfs - ok
21:50:37.0718 7060	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:50:37.0781 7060	Ntfs - ok
21:50:37.0812 7060	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:37.0859 7060	NtLmSsp - ok
21:50:37.0890 7060	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:50:37.0953 7060	NtmsSvc - ok
21:50:37.0968 7060	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:50:38.0015 7060	Null - ok
21:50:38.0250 7060	nv              (92ffc99aadfba0e1441556b33557b006) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:50:38.0593 7060	nv - ok
21:50:38.0640 7060	NVHDA           (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
21:50:38.0656 7060	NVHDA - ok
21:50:38.0671 7060	nvsvc           (3f7dfa811cddc9f9369a354dbedfadda) C:\WINDOWS\system32\nvsvc32.exe
21:50:38.0703 7060	nvsvc - ok
21:50:38.0718 7060	NWDHCP          (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys
21:50:38.0734 7060	NWDHCP ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0734 7060	NWDHCP - detected UnsignedFile.Multi.Generic (1)
21:50:38.0750 7060	NWDNS           (b6f69f4d4fae462574f3440070ac22ec) C:\WINDOWS\system32\NetWare\nwdns.sys
21:50:38.0765 7060	NWDNS ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0765 7060	NWDNS - detected UnsignedFile.Multi.Generic (1)
21:50:38.0781 7060	NWFILTER        (3d8f24cbed28067e4c5a960ee67cdb19) C:\WINDOWS\system32\NetWare\nwfilter.sys
21:50:38.0781 7060	NWFILTER ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0781 7060	NWFILTER - detected UnsignedFile.Multi.Generic (1)
21:50:38.0796 7060	NWHOST          (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys
21:50:38.0812 7060	NWHOST ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0812 7060	NWHOST - detected UnsignedFile.Multi.Generic (1)
21:50:38.0828 7060	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:50:38.0875 7060	NwlnkFlt - ok
21:50:38.0890 7060	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:50:38.0953 7060	NwlnkFwd - ok
21:50:38.0968 7060	NWSAP           (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys
21:50:38.0984 7060	NWSAP ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0984 7060	NWSAP - detected UnsignedFile.Multi.Generic (1)
21:50:39.0031 7060	NWSAPAutoWorkstationUpdateSvc (e6786593e1a3a2cce974a130dc6fc28f) C:\Programme\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
21:50:39.0046 7060	NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0046 7060	NWSAPAutoWorkstationUpdateSvc - detected UnsignedFile.Multi.Generic (1)
21:50:39.0078 7060	NWSIPX32        (e00b0349cc3921225ad60728230d78be) C:\WINDOWS\system32\NetWare\nwsipx32.sys
21:50:39.0078 7060	NWSIPX32 ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0078 7060	NWSIPX32 - detected UnsignedFile.Multi.Generic (1)
21:50:39.0109 7060	NWSLP           (10e02fc7585e495dd963031520ad2f0a) C:\WINDOWS\system32\NetWare\nwslp.sys
21:50:39.0109 7060	NWSLP ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0109 7060	NWSLP - detected UnsignedFile.Multi.Generic (1)
21:50:39.0125 7060	NWSNS           (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys
21:50:39.0125 7060	NWSNS ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0125 7060	NWSNS - detected UnsignedFile.Multi.Generic (1)
21:50:39.0156 7060	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:50:39.0171 7060	ose - ok
21:50:39.0218 7060	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:50:39.0265 7060	Parport - ok
21:50:39.0296 7060	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:50:39.0343 7060	PartMgr - ok
21:50:39.0375 7060	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:50:39.0437 7060	ParVdm - ok
21:50:39.0515 7060	PatchLink Update (83c7705e5850ce8f9a527cc5af048b2c) C:\Programme\PatchLink\Update Agent\GravitixService.exe
21:50:39.0515 7060	PatchLink Update ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0515 7060	PatchLink Update - detected UnsignedFile.Multi.Generic (1)
21:50:39.0531 7060	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:50:39.0578 7060	PCI - ok
21:50:39.0578 7060	PCIDump - ok
21:50:39.0593 7060	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:50:39.0625 7060	PCIIde - ok
21:50:39.0656 7060	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:50:39.0703 7060	Pcmcia - ok
21:50:39.0703 7060	PDCOMP - ok
21:50:39.0718 7060	PDFRAME - ok
21:50:39.0718 7060	PDRELI - ok
21:50:39.0734 7060	PDRFRAME - ok
21:50:39.0734 7060	perc2 - ok
21:50:39.0750 7060	perc2hib - ok
21:50:39.0781 7060	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:50:39.0796 7060	PlugPlay - ok
21:50:39.0812 7060	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:39.0859 7060	PolicyAgent - ok
21:50:39.0906 7060	Power Manager DBC Service (1275eba5a13135f65665a155f61789f2) C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
21:50:39.0906 7060	Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0906 7060	Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
21:50:39.0937 7060	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:50:40.0000 7060	PptpMiniport - ok
21:50:40.0078 7060	prepdrvr        (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
21:50:40.0093 7060	prepdrvr - ok
21:50:40.0093 7060	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:40.0156 7060	ProtectedStorage - ok
21:50:40.0171 7060	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:50:40.0343 7060	PSched - ok
21:50:40.0343 7060	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:50:40.0500 7060	Ptilink - ok
21:50:40.0546 7060	PwmEWSvc        (bb232ee2820093d13af78f3c6a67f49f) C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
21:50:40.0578 7060	PwmEWSvc - ok
21:50:40.0578 7060	ql1080 - ok
21:50:40.0593 7060	Ql10wnt - ok
21:50:40.0593 7060	ql12160 - ok
21:50:40.0609 7060	ql1240 - ok
21:50:40.0609 7060	ql1280 - ok
21:50:40.0625 7060	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:50:40.0671 7060	RasAcd - ok
21:50:40.0703 7060	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:50:40.0750 7060	RasAuto - ok
21:50:40.0765 7060	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:50:40.0796 7060	Rasl2tp - ok
21:50:40.0828 7060	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:50:40.0890 7060	RasMan - ok
21:50:40.0890 7060	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:50:40.0953 7060	RasPppoe - ok
21:50:40.0953 7060	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:50:41.0000 7060	Raspti - ok
21:50:41.0031 7060	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:50:41.0078 7060	Rdbss - ok
21:50:41.0093 7060	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:50:41.0234 7060	RDPCDD - ok
21:50:41.0250 7060	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:50:41.0296 7060	rdpdr - ok
21:50:41.0328 7060	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:50:41.0343 7060	RDPWD - ok
21:50:41.0375 7060	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:50:41.0421 7060	RDSessMgr - ok
21:50:41.0437 7060	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:50:41.0484 7060	redbook - ok
21:50:41.0531 7060	RegSrvc         (af9d9c8a2f6e4841673f59dc47b0d943) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
21:50:41.0546 7060	RegSrvc - ok
21:50:41.0625 7060	Remote Management Agent (cd1f0f292423e3b14aca57c7a45a1892) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
21:50:41.0640 7060	Remote Management Agent ( UnsignedFile.Multi.Generic ) - warning
21:50:41.0640 7060	Remote Management Agent - detected UnsignedFile.Multi.Generic (1)
21:50:41.0671 7060	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:50:41.0718 7060	RemoteAccess - ok
21:50:41.0750 7060	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
21:50:41.0796 7060	RemoteRegistry - ok
21:50:41.0828 7060	RESMGR          (382ec29aa5bbd5ea7e959167f9cdada2) C:\WINDOWS\system32\NetWare\resmgr.sys
21:50:41.0828 7060	RESMGR ( UnsignedFile.Multi.Generic ) - warning
21:50:41.0828 7060	RESMGR - detected UnsignedFile.Multi.Generic (1)
21:50:41.0875 7060	risdxc          (9ebc0f4b55ec20e91fe40ac83825836c) C:\WINDOWS\system32\DRIVERS\risdxc86.sys
21:50:41.0890 7060	risdxc - ok
21:50:41.0906 7060	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
21:50:41.0984 7060	RpcLocator - ok
21:50:42.0062 7060	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:50:42.0078 7060	RpcSs - ok
21:50:42.0125 7060	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:50:42.0218 7060	RSVP - ok
21:50:42.0265 7060	S24EventMonitor (0acf9b6bbd8b0f45f1b9a1f6c48c8e9f) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
21:50:42.0328 7060	S24EventMonitor - ok
21:50:42.0390 7060	s24trans        (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:50:42.0390 7060	s24trans ( UnsignedFile.Multi.Generic ) - warning
21:50:42.0390 7060	s24trans - detected UnsignedFile.Multi.Generic (1)
21:50:42.0421 7060	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:42.0515 7060	SamSs - ok
21:50:42.0531 7060	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:50:42.0578 7060	SCardSvr - ok
21:50:42.0625 7060	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:50:42.0687 7060	Schedule - ok
21:50:42.0703 7060	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:50:42.0734 7060	Secdrv - ok
21:50:42.0750 7060	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:50:42.0812 7060	seclogon - ok
21:50:42.0843 7060	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:50:42.0968 7060	SENS - ok
21:50:43.0000 7060	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:50:43.0078 7060	serenum - ok
21:50:43.0093 7060	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:50:43.0250 7060	Serial - ok
21:50:43.0265 7060	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:50:43.0421 7060	Sfloppy - ok
21:50:43.0437 7060	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:50:43.0546 7060	SharedAccess - ok
21:50:43.0578 7060	ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:43.0671 7060	ShellHWDetection - ok
21:50:43.0703 7060	Shockprf        (df6a84dd19d3c0858d707b5e64938d60) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:50:43.0703 7060	Shockprf - ok
21:50:43.0734 7060	Simbad - ok
21:50:43.0750 7060	SkypeUpdate     (17eab7852ff9f15fbaab4e95efc0b812) C:\Programme\Skype\Updater\Updater.exe
21:50:43.0875 7060	SkypeUpdate - ok
21:50:43.0906 7060	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:50:44.0046 7060	SLIP - ok
21:50:44.0156 7060	SMART Mirror Driver Monitor Service (a79877a2c614503b93c9a3e87b25f8da) C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe
21:50:44.0281 7060	SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - warning
21:50:44.0281 7060	SMART Mirror Driver Monitor Service - detected UnsignedFile.Multi.Generic (1)
21:50:44.0343 7060	SmcService      (0dc94380be7d36ae241029c72807692e) C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
21:50:44.0437 7060	SmcService - ok
21:50:44.0500 7060	smihlp          (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
21:50:44.0515 7060	smihlp - ok
21:50:44.0562 7060	smrtdrv         (947154112d318885026dedeaa13489ca) C:\WINDOWS\system32\DRIVERS\smrtdrv.sys
21:50:44.0562 7060	smrtdrv - ok
21:50:44.0593 7060	smsmdd          (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
21:50:44.0593 7060	smsmdd - ok
21:50:44.0640 7060	smstsmgr - ok
21:50:44.0671 7060	SNAC            (65e1ebf379856b677979802c8d5bcd87) C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE
21:50:44.0734 7060	SNAC - ok
21:50:44.0750 7060	Sony_EricssonWWSC (deaf30a1a325168bf823ecda2fb89f6e) C:\WINDOWS\system32\DRIVERS\lnvoscard.sys
21:50:44.0765 7060	Sony_EricssonWWSC - ok
21:50:44.0765 7060	Sparrow - ok
21:50:44.0828 7060	SPBBCDrv        (e87cf104f12c92401c4d33c50a3d5dc8) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
21:50:44.0859 7060	SPBBCDrv - ok
21:50:44.0890 7060	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:50:44.0984 7060	splitter - ok
21:50:45.0046 7060	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:50:45.0078 7060	Spooler - ok
21:50:45.0109 7060	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:50:45.0156 7060	sr - ok
21:50:45.0187 7060	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:50:45.0218 7060	srservice - ok
21:50:45.0234 7060	SRTSP           (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
21:50:45.0250 7060	SRTSP - ok
21:50:45.0296 7060	SRTSPL          (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
21:50:45.0328 7060	SRTSPL - ok
21:50:45.0343 7060	SRTSPX          (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
21:50:45.0359 7060	SRTSPX - ok
21:50:45.0375 7060	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:50:45.0390 7060	Srv - ok
21:50:45.0421 7060	SRVLOC          (9a44b2bacf48abba25cbd043770a7fcb) C:\WINDOWS\system32\NetWare\srvloc.sys
21:50:45.0437 7060	SRVLOC ( UnsignedFile.Multi.Generic ) - warning
21:50:45.0437 7060	SRVLOC - detected UnsignedFile.Multi.Generic (1)
21:50:45.0453 7060	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:50:45.0515 7060	SSDPSRV - ok
21:50:45.0562 7060	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:50:45.0625 7060	stisvc - ok
21:50:45.0656 7060	stmtpm          (8afa1b80366276f8345a6b61e0df2f3e) C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
21:50:45.0656 7060	stmtpm - ok
21:50:45.0687 7060	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:50:45.0734 7060	streamip - ok
21:50:45.0765 7060	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:50:45.0843 7060	swenum - ok
21:50:45.0859 7060	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:50:45.0906 7060	swmidi - ok
21:50:45.0906 7060	SwPrv - ok
21:50:45.0984 7060	Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
21:50:46.0093 7060	Symantec AntiVirus - ok
21:50:46.0109 7060	symc810 - ok
21:50:46.0109 7060	symc8xx - ok
21:50:46.0140 7060	SymEvent        (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:50:46.0156 7060	SymEvent - ok
21:50:46.0156 7060	sym_hi - ok
21:50:46.0171 7060	sym_u3 - ok
21:50:46.0203 7060	SynTP           (4db524dcd5cece0349d9f8c3738da0b2) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:50:46.0250 7060	SynTP - ok
21:50:46.0296 7060	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:50:46.0406 7060	sysaudio - ok
21:50:46.0437 7060	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:50:46.0546 7060	SysmonLog - ok
21:50:46.0562 7060	SysPlant        (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
21:50:46.0578 7060	SysPlant - ok
21:50:46.0609 7060	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:50:46.0750 7060	TapiSrv - ok
21:50:46.0781 7060	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:46.0843 7060	Tcpip - ok
21:50:46.0875 7060	TcUsb           (58e3eb5a5c78740c5870eee6648ccc46) C:\WINDOWS\system32\Drivers\tcusb.sys
21:50:46.0906 7060	TcUsb - ok
21:50:46.0937 7060	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:50:47.0093 7060	TDPIPE - ok
21:50:47.0109 7060	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:50:47.0218 7060	TDTCP - ok
21:50:47.0234 7060	Teefer2         (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
21:50:47.0250 7060	Teefer2 - ok
21:50:47.0265 7060	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:50:47.0312 7060	TermDD - ok
21:50:47.0328 7060	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:50:47.0390 7060	TermService - ok
21:50:47.0406 7060	Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:47.0468 7060	Themes - ok
21:50:47.0500 7060	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
21:50:47.0531 7060	TlntSvr - ok
21:50:47.0531 7060	TosIde - ok
21:50:47.0562 7060	TPDIGIMN        (50b570e4209f6d401893720fc8ddce46) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:50:47.0562 7060	TPDIGIMN - ok
21:50:47.0593 7060	TPHDEXLGSVC     (1f98a2433555dd854cb4e2edc819deb4) C:\WINDOWS\system32\TPHDEXLG.exe
21:50:47.0609 7060	TPHDEXLGSVC - ok
21:50:47.0656 7060	TPHKDRV         (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:50:47.0671 7060	TPHKDRV - ok
21:50:47.0734 7060	TPHKLOAD        (88d609bfdeb7e013e9e491434190ba43) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
21:50:47.0750 7060	TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
21:50:47.0750 7060	TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
21:50:47.0765 7060	TPHKSVC         (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
21:50:47.0781 7060	TPHKSVC - ok
21:50:47.0812 7060	TPPWRIF         (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
21:50:47.0828 7060	TPPWRIF - ok
21:50:47.0843 7060	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:50:47.0921 7060	TrkWks - ok
21:50:47.0968 7060	TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\WINDOWS\system32\DRIVERS\gtkdrv.sys
21:50:47.0968 7060	TrojanKillerDriver - ok
21:50:48.0000 7060	TSMAPIP         (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:50:48.0015 7060	TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
21:50:48.0015 7060	TSMAPIP - detected UnsignedFile.Multi.Generic (1)
21:50:48.0062 7060	uagqecsvc       (e212cd75c7558450c0890710f892084c) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
21:50:48.0078 7060	uagqecsvc - ok
21:50:48.0125 7060	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:50:48.0203 7060	Udfs - ok
21:50:48.0218 7060	ultra - ok
21:50:48.0328 7060	UNS             (a69cd6bdb82872999d2e46f9324ada83) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:50:48.0453 7060	UNS - ok
21:50:48.0515 7060	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:50:48.0609 7060	Update - ok
21:50:48.0656 7060	UPHClean        (3f9a3232e5f942874488981f3242c989) C:\Programme\UPHClean\uphclean.exe
21:50:48.0671 7060	UPHClean ( UnsignedFile.Multi.Generic ) - warning
21:50:48.0671 7060	UPHClean - detected UnsignedFile.Multi.Generic (1)
21:50:48.0718 7060	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:50:48.0765 7060	upnphost - ok
21:50:48.0781 7060	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:50:48.0843 7060	UPS - ok
21:50:48.0875 7060	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:50:48.0921 7060	usbccgp - ok
21:50:48.0937 7060	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:50:48.0984 7060	usbehci - ok
21:50:49.0000 7060	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:50:49.0093 7060	usbhub - ok
21:50:49.0125 7060	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:50:49.0234 7060	usbprint - ok
21:50:49.0250 7060	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:50:49.0296 7060	USBSTOR - ok
21:50:49.0296 7060	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:50:49.0343 7060	usbuhci - ok
21:50:49.0359 7060	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:50:49.0421 7060	usbvideo - ok
21:50:49.0437 7060	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:50:49.0531 7060	VgaSave - ok
21:50:49.0546 7060	ViaIde - ok
21:50:49.0562 7060	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:50:49.0687 7060	VolSnap - ok
21:50:49.0718 7060	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:50:49.0781 7060	VSS - ok
21:50:49.0796 7060	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:50:49.0843 7060	W32Time - ok
21:50:49.0859 7060	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:50:49.0906 7060	Wanarp - ok
21:50:49.0937 7060	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:50:49.0968 7060	Wdf01000 - ok
21:50:49.0968 7060	WDICA - ok
21:50:50.0015 7060	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:50:50.0062 7060	wdmaud - ok
21:50:50.0093 7060	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:50:50.0125 7060	WebClient - ok
21:50:50.0156 7060	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:50:50.0203 7060	winmgmt - ok
21:50:50.0234 7060	WMCoreService - ok
21:50:50.0281 7060	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:50:50.0281 7060	WmdmPmSN - ok
21:50:50.0312 7060	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
21:50:50.0343 7060	Wmi - ok
21:50:50.0390 7060	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:50:50.0437 7060	WmiAcpi - ok
21:50:50.0453 7060	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:50:50.0515 7060	WmiApSrv - ok
21:50:50.0562 7060	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:50:50.0640 7060	WMPNetworkSvc - ok
21:50:50.0687 7060	WNTHW           (c214dd6d6905f01fe3e0a2c334e2244e) C:\WINDOWS\system32\DRIVERS\WNTHW.SYS
21:50:50.0703 7060	WNTHW ( UnsignedFile.Multi.Generic ) - warning
21:50:50.0703 7060	WNTHW - detected UnsignedFile.Multi.Generic (1)
21:50:50.0734 7060	WPS             (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:50:50.0734 7060	WPS - ok
21:50:50.0765 7060	WpsHelper       (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
21:50:50.0781 7060	WpsHelper - ok
21:50:50.0812 7060	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:50:50.0906 7060	wscsvc - ok
21:50:50.0937 7060	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:50:50.0968 7060	WSTCODEC - ok
21:50:51.0000 7060	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:50:51.0046 7060	wuauserv - ok
21:50:51.0078 7060	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:50:51.0078 7060	WudfPf - ok
21:50:51.0093 7060	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:50:51.0109 7060	WudfRd - ok
21:50:51.0125 7060	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:50:51.0140 7060	WudfSvc - ok
21:50:51.0171 7060	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:50:51.0281 7060	WZCSVC - ok
21:50:51.0312 7060	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:50:51.0390 7060	xmlprov - ok
21:50:51.0453 7060	XTAgent         (0b6cd7f4ad6ae20f7585416f7cc3e09d) C:\WINDOWS\System32\Novell\XTAgent.exe
21:50:51.0500 7060	XTAgent ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0500 7060	XTAgent - detected UnsignedFile.Multi.Generic (1)
21:50:51.0546 7060	ZENPreAgent     (144f2f6919403bfbb61e4e256bc9763f) C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe
21:50:51.0562 7060	ZENPreAgent ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0562 7060	ZENPreAgent - detected UnsignedFile.Multi.Generic (1)
21:50:51.0578 7060	ZFDWM           (0cecef6cf073aad201b5d671a3c0cd60) C:\Programme\Novell\ZENworks\wm.exe
21:50:51.0609 7060	ZFDWM ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0609 7060	ZFDWM - detected UnsignedFile.Multi.Generic (1)
21:50:51.0625 7060	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:50:51.0953 7060	\Device\Harddisk0\DR0 - ok
21:50:51.0953 7060	Boot (0x1200)   (3517c5b4fad91ffe6593ae16d5730873) \Device\Harddisk0\DR0\Partition0
21:50:51.0953 7060	\Device\Harddisk0\DR0\Partition0 - ok
21:50:51.0984 7060	Boot (0x1200)   (90099d54f6f832bec9f15797c1b37e3d) \Device\Harddisk0\DR0\Partition1
21:50:51.0984 7060	\Device\Harddisk0\DR0\Partition1 - ok
21:50:52.0031 7060	Boot (0x1200)   (c746c0b62a8272709e2bf62fc5daa784) \Device\Harddisk0\DR0\Partition2
21:50:52.0046 7060	\Device\Harddisk0\DR0\Partition2 - ok
21:50:52.0046 7060	============================================================
21:50:52.0046 7060	Scan finished
21:50:52.0046 7060	============================================================
21:50:52.0140 3840	Detected object count: 36
21:50:52.0140 3840	Actual detected object count: 36
21:51:44.0578 3840	ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	BlankScr ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	BlankScr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	BM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	BM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	cusrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	cusrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	Darpan ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	Darpan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	NALNTSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	NALNTSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	NetwareWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	NetwareWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	NICICCS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840	NICICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0593 3840	NICM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NICM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	Novell Identity Store ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	Novell Identity Store ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWDHCP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWDHCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWDNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWDNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWFILTER ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWFILTER ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWHOST ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWHOST ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWSAP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWSAP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWSIPX32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWSIPX32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0609 3840	NWSLP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840	NWSLP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	NWSNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	NWSNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	PatchLink Update ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	PatchLink Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	Remote Management Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	Remote Management Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	RESMGR ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	RESMGR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	SRVLOC ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	SRVLOC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0625 3840	UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840	UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0640 3840	WNTHW ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840	WNTHW ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0640 3840	XTAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840	XTAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0640 3840	ZENPreAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840	ZENPreAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:44.0640 3840	ZFDWM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840	ZFDWM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ich warte auf eine Antwort.
Vielendank in Voraus!

cosinus · 27.03.2012, 10:12

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sravy · 27.03.2012, 21:17

Der log sieht so aus nach der CombiFix ausführung.
Danke in Voraus. Auf eine Rückmeldung würde ich mich freuen.

[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-27.03 - Sravan Kumar Puppala 27.03.2012  22:01:28.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3569.2561 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sravan Kumar Puppala\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\TelevisionFanatic
c:\programme\TelevisionFanatic\bar\Cache\0007AA95
c:\programme\TelevisionFanatic\bar\Cache\0007BE8B.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007BF27.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C0EC.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C2A2.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C2C1.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CAF5.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CECD.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CEEC.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CFC7.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D0A2.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D2D4.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D7B6.bmp
c:\programme\TelevisionFanatic\bar\Cache\000D0F52.jhtml
c:\programme\TelevisionFanatic\bar\Cache\files.ini
c:\programme\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\programme\TelevisionFanatic\bar\History\search3
c:\programme\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\programme\TelevisionFanatic\bar\Message\COMMON.T8S
c:\programme\TelevisionFanatic\bar\Message\COMMON\8_step1.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\anemone.js
c:\programme\TelevisionFanatic\bar\Message\COMMON\bd_grad.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard.js
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard1.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard2.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_ok.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_x.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_x2.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\index.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\mid_dots.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\mws_logo.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\protect.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\rebut4b.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\shield.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\stop.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\systrayp.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\tp_grad.gif
c:\programme\TelevisionFanatic\bar\Settings\prevcfg2.htm
c:\programme\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programme\TelevisionFanatic\bar\Settings\s_w1.dat
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016728.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016730.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100065028.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties200821787.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\Radio.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\VideosAffinityBtn.html
c:\windows\EventSystem.log
c:\windows\system32\default_user_class.dat.LOG
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TELEVISIONFANATICSERVICE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-25 17:50 . 2012-03-25 17:50	--------	d-----w-	C:\_OTL
2012-03-25 16:48 . 2012-03-25 16:48	--------	d-----w-	c:\programme\ESET
2012-03-25 13:06 . 2012-03-25 13:06	--------	d-----w-	c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
2012-03-25 13:06 . 2012-03-25 13:06	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-25 13:06 . 2012-03-25 13:06	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-03-25 13:06 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-24 14:04 . 2012-03-24 15:19	--------	d-----w-	c:\programme\GridinSoft Trojan Killer
2012-03-19 12:14 . 2012-03-19 12:14	--------	d-----w-	c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
2012-03-01 14:01 . 2012-03-01 14:01	2432	----a-w-	c:\windows\system32\drivers\smrtdrv.sys
2012-03-01 14:01 . 2012-03-01 14:01	3584	----a-w-	c:\windows\system32\smrtexp.dll
2012-03-01 14:01 . 2012-03-01 14:01	11648	----a-w-	c:\windows\system32\smrtdrv.dll
2012-02-29 10:54 . 2012-02-29 10:54	--------	d-sh--w-	c:\dokumente und einstellungen\Sravan Kumar Puppala\IECompatCache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 11:16 . 2012-01-03 18:14	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 07:13 . 2011-12-20 09:29	167936	----a-w-	c:\windows\system32\drivers\wpshelper.sys
2012-01-14 10:54 . 2012-01-14 10:54	57344	----a-r-	c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Microsoft\Installer\{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}\SeeAndShare.exe_72E37E130FB84644A8E8F2900B9C7B67.exe
2012-01-12 17:20 . 2009-08-14 15:10	1860096	----a-w-	c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 14:12	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-04 14:28 . 2012-01-04 14:28	16128	----a-w-	c:\windows\system32\drivers\gtkdrv.sys
2010-10-11 01:29 . 2010-10-11 01:29	114688	----a-w-	c:\programme\ad_ff.dll
2009-07-12 05:24 . 2011-12-20 09:23	626688	----a-w-	c:\programme\Gemeinsame Dateien\sapconsaccess.dll
2009-07-12 05:24 . 2011-12-20 09:23	40960	----a-w-	c:\programme\Gemeinsame Dateien\DigitalSignature.ocx
2009-07-12 05:24 . 2011-12-20 09:23	3145728	----a-w-	c:\programme\Gemeinsame Dateien\sapxlhelper.dll
2009-07-12 05:24 . 2011-12-20 09:23	192512	----a-w-	c:\programme\Gemeinsame Dateien\sapconsr3.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMART Mirror Driver Monitor Service"="c:\dokumente und einstellungen\Sravan Kumar Puppala\" [X]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-05-05 2262312]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"EZEJMNAP"="c:\progra~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"PWRMGRTR"="c:\progra~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-05-10 759144]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2011-01-07 62312]
"LPManager"="c:\progra~2\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~2\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-17 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-17 13887080]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"SAP_WUS_UNT"="c:\programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2009-06-17 212992]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Application Explorer"="c:\programme\Novell\ZENworks\naldesk.exe" [2006-06-13 7168]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
"PDDM"="c:\programme\PatchLink\Update Agent\pddm.exe" [2009-07-28 401408]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\programme\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-9 636256]
Connected TaskBar Icon.LNK - c:\programme\Connected\CBSysTray.exe [2011-12-20 114688]
SnagIt 8.lnk - c:\programme\TechSmith\SnagIt 8\SnagIt32.exe [2006-5-10 5517312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\programme\Novell\ZENworks\NalShell.dll" [2007-08-08 458752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]
2010-10-11 01:29	61440	----a-w-	c:\programme\Novell\CASA\bin\lcredmgr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-01-10 11:52	24576	----a-w-	c:\windows\system32\novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 10:57	100176	----a-w-	c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwv1_0
Notification Packages	REG_MULTI_SZ   	scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WINDIR%\\system32\\dpmw32.exe"=
"%WINDIR%\\system32\\vpnstats.exe"=
"%WINDIR%\\system32\\ikeapp.exe"=
"c:\programme\Connected\AgentSrv.exe"= c:\programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector
"c:\programme\Connected\COBackup.exe"= c:\programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\WINDOWS\\system32\\ikeapp.exe"=
"c:\\WINDOWS\\system32\\vpnstats.exe"=
"c:\\Programme\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Programme\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3024:UDP"= 3024:UDP:Novell Bordermanager Proxy Services
"1761:TCP"= 1761:TCP:Novell ZENworks Services
"1761:UDP"= 1761:UDP:Novell ZENworks Services
"2967:TCP"= 2967:TCP:Symantec Client Security 1
"2967:UDP"= 2967:UDP:Symantec Client Security 2
"38293:UDP"= 38293:UDP:Symantec Client Security 3
"7461:TCP"= 7461:TCP:Novell Asset Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [20.12.2011 13:23 25968]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [09.11.2011 10:10 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.01.2011 10:32 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [09.11.2011 10:17 13680]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [23.05.2005 15:47 6899]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [20.12.2011 13:23 292200]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\programme\Intel\Services\IPT\jhi_service.exe [07.02.2011 12:45 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\programme\Lenovo\Communications Utility\CamMute.exe [20.12.2011 13:25 40808]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [09.11.2011 10:17 45496]
R2 NICICCS;NICICCS;c:\windows\system32\drivers\niciccs.sys [20.12.2011 18:07 456080]
R2 Novell Identity Store;Novell Identity Store;c:\programme\Novell\CASA\bin\micasad.exe [11.10.2010 03:29 245760]
R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [01.04.2011 18:03 28672]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [20.12.2011 11:22 253952]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [20.12.2011 13:23 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [20.12.2011 13:23 148840]
R2 Remote Management Agent;Novell ZENworks-Fernverwaltungsagent;c:\programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [09.05.2006 11:59 167936]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [09.11.2011 10:10 75264]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 10:17 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [09.11.2011 10:17 99328]
R2 TPHKSVC;On Screen Display;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [09.11.2011 10:17 64440]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [10.01.2012 14:03 150928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [20.12.2011 13:22 2656280]
R2 WMCoreService;Mobile Broadband Service;c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [20.12.2011 11:18 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [10.01.2007 13:52 61440]
R3 BM;Novell Virtual Private Network Miniport;c:\windows\system32\drivers\vptunnel.sys [20.12.2011 18:05 217164]
R3 BrYNSvc;BrYNSvc;c:\programme\Browny02\BrYNSvc.exe [15.01.2012 21:55 245760]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [23.05.2005 15:11 2773]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [09.11.2011 10:02 174248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04.02.2012 22:54 106104]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\drivers\l36wgps.sys [20.12.2011 12:36 87592]
R3 Mbm4bus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [20.12.2011 12:36 122824]
R3 Mbm4mdfl; Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20.12.2011 12:36 14920]
R3 Mbm4mdm; Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20.12.2011 12:36 138952]
R3 Mbm4mgmt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20.12.2011 12:36 132808]
R3 Mbm4NNd5;F5521gw Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\Mbm4NNd5.sys [20.12.2011 12:36 24904]
R3 Mbm4NUn;F5521gw Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20.12.2011 12:36 149960]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [09.11.2011 10:10 41088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwNx32.sys [09.11.2011 10:02 7391104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [09.11.2011 10:03 119528]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [01.03.2012 16:01 2432]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [20.12.2011 12:36 24232]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [31.01.2012 16:09 158856]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [01.03.2012 16:01 135680]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [02.12.2009 17:02 23888]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [10.01.2012 14:02 487312]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [04.01.2012 16:28 16128]
S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [20.12.2011 11:17 196608]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\PMTask.job
- c:\progra~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-20 00:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.steria-mummert.de/intern/
mStart Page = https://www.steria-mummert.de/intern/
IE: Send to &Bluetooth Device... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: hotmail.de
Trusted Zone: live.com\login
Trusted Zone: srv7vie07
Trusted Zone: steria.com\chgpwd.hq
TCP: DhcpNameServer = 192.168.178.1
DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} - hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\NETWIN32.DLL
c:\programme\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\msi.dll
c:\windows\system32\ZenMup.dll
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(7112)
c:\windows\system32\btmmhook.dll
c:\programme\Novell\ZENworks\NLS\deutsch\NalUIRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\programme\Symantec\Symantec Endpoint Protection\Smc.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~2\Lenovo\HOTKEY\tpnumlk.exe
c:\programme\Connected\AgentSrv.EXE
c:\windows\system32\CCM\CcmExec.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Novell\ZENworks\bin\TSUsage32.exe
c:\programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\notes\nslsvice.exe
c:\programme\Novell\ZENworks\nalntsrv.exe
c:\programme\PatchLink\Update Agent\GravitixService.exe
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\programme\UPHClean\uphclean.exe
c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe
c:\programme\Novell\ZENworks\wm.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programme\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\rundll32.exe
c:\progra~2\Lenovo\Zoom\TPSCREX.EXE
c:\progra~2\Lenovo\HOTKEY\TPONSCR.EXE
c:\progra~2\Lenovo\HOTKEY\tpnumlkd.exe
c:\programme\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\NWTRAY.EXE
c:\programme\Synaptics\SynTP\SynTPLpr.exe
c:\programme\Brother\ControlCenter3\brccMCtl.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\progra~2\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programme\TechSmith\SnagIt 8\TSCHelp.exe
c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
c:\programme\Novell\ZENworks\NalAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27  22:12:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 20:12
.
Vor Suchlauf: 10 Verzeichnis(se), 19.232.137.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 19.290.296.320 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3DA874CFE4AB57653DA79FFF4B179FFB

--- --- ---

cosinus · 27.03.2012, 21:24

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

sravy · 27.03.2012, 22:28

OSAM Log
[CODE]
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:34:32 on 27.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PMTask.job" - ? - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"GravitixControlPanel.cpl" - "Novell, Inc." - C:\WINDOWS\system32\GravitixControlPanel.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nCredps.cpl" - "Novell, Inc." - C:\WINDOWS\system32\nCredps.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"sapfcpl.cpl" - "SAP AG, Walldorf" - C:\WINDOWS\system32\sapfcpl.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
"TweakUI.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\TweakUI.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"SMSCFGRC" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSCFGRC.cpl
"SMSPDM" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSPDM.cpl
"SMSRAP" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSRAP.cpl
"SMSRCCPL" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\clicomp\RemCtrl\smsrc.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"aswMBR" (aswMBR) - ? - D:\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Darpan" (Darpan) - "Novell, Inc." - C:\WINDOWS\System32\DRIVERS\Darpan.sys
"DNS-Namespace-Service-Anbieter von Novell" (NWDNS) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwdns.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"fwddrfog" (fwddrfog) - ? - D:\Temp\fwddrfog.sys  (Hidden registry entry, rootkit activity | File not found)
"HBDevice" (BlankScr) - "Novell Inc." - C:\WINDOWS\system32\drivers\BlankScr.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - D:\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Namespace-Service-Anbieter der Hostdatei von Novell" (NWHOST) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\NWHOST.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.019\NAVEX15.SYS
"NICICCS" (NICICCS) - ? - C:\WINDOWS\system32\drivers\NICICCS.sys  (File found, but it contains no detailed information)
"Novell Client für Windows" (NetwareWorkstation) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwfs.sys
"Novell DHCP-Informations-Client" (NWDHCP) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwdhcp.sys
"Novell InterService-Kommunikationstreiber" (NICM) - "Novell, Inc." - C:\WINDOWS\System32\drivers\nicm.sys
"Novell NetWare-IPX/SPX-Transport-Schnittstelle" (NWSIPX32) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwsipx32.sys
"Novell NetWare-Ressourcen-Manager" (RESMGR) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\resmgr.sys
"Novell SAP-Namespace-Anbieter" (NWSAP) - ? - C:\WINDOWS\System32\NetWare\NWSAP.sys  (File found, but it contains no detailed information)
"Novell Servicestandort" (SRVLOC) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\srvloc.sys
"Novell Simple Naming Services (NWSNS)" (NWSNS) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\NWSNS.sys
"Novell Virtual Private Network Miniport" (BM) - "Novell, Inc." - C:\WINDOWS\System32\DRIVERS\vptunnel.sys
"Novell-UNC-Pfadfilter" (NWFILTER) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwfilter.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"SLP-Namespace-Service-Anbieter von Novell" (NWSLP) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwslp.sys
"SMS Process Event Driver" (prepdrvr) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\prepdrv.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSPX.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"WNTHW" (WNTHW) - ? - C:\WINDOWS\system32\DRIVERS\WNTHW.SYS  (File found, but it contains no detailed information)
"WPS" (WPS) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
"WpsHelper" (WpsHelper) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\WpsHelper.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0BC1E559-9D68-4E99-AFD9-98D27DAB971D} "ColHandler" - "JAM Software" - C:\PROGRA~2\JAMSOF~1\TREESI~1\FSizeCol.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} "QVPPlugProt Class" - "QlikTech AB" - C:\Programme\QlikView\QvProtocol\qvp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP AG, Walldorf" - c:\programme\sap\frontend\sapgui\saphtmlp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP AG, Walldorf" - c:\programme\sap\frontend\sapgui\saphtmlp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{763370C4-268E-4308-A60C-D8DA0342BE32} "{763370C4-268E-4308-A60C-D8DA0342BE32}" - "Novell, Inc" - C:\Programme\Novell\ZENworks\NalShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "My Bluetooth Places" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{04c23aa0-3d34-11d2-b788-008029605ac7} "NDPS Shell Extension" - "Novell, Inc." - C:\WINDOWS\system32\ndpsprop.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{AF8DE18D-9065-4102-BC40-EB294A95BB07} "Novell-Verbindungen" - ? - C:\WINDOWS\system32\nwshlxnt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{C612F052-C85C-4156-B974-87947FAA7569} "SMS ARP Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSARPPub.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll
{8BEEE74D-455E-4616-A97A-F6E86C317F32} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\vpshell2.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{983A9C21-8207-4B58-BBB8-0EBC3D7C5505} "Domino Web Access 8 Control" - "IBM Corporation" - C:\WINDOWS\DOWNLO~1\dwa8W.dll / https://domino.koeln.steria-mummert.de/dwa8W.cab
{7114683A-020D-4D16-80FD-6ACE384B66DF} "FarPoint Spread 7.0 (OLEDB)" - "FarPoint Technologies, Inc." - C:\WINDOWS\DOWNLO~1\FPSPR70.ocx / hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx
{8D9563A9-8D5F-459B-87F2-BA842255CB9A} "Forefront UAG client components" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\WhlMgr.dll / https://external.econgas.com/InternalSite/WhlCompMgr.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "Cisco WebEx LLC" - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll / https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "Java Plug-in 1.4.2_05" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{4B5F7606-8666-4D5A-9780-DB92A9D8812B} "Novell delivered applications" - "Novell, Inc" - C:\Programme\Novell\ZENworks\AxNalServer.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "HelperObject Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Authentication packages" - "Novell, Inc." - C:\WINDOWS\system32\nwv1_0.dll
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Connected TaskBar Icon.LNK" - "Connected Corporation" - C:\Programme\Connected\CBSysTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"SnagIt 8.lnk" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACTray" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
"ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AMSG" - "LENOVO" - C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
"Application Explorer" - "Novell, Inc." - C:\Programme\Novell\ZENworks\naldesk.exe /ns
"BrStsMon00" - "Brother Industries, Ltd." - C:\Programme\Browny02\Brother\BrStMonW.exe /AUTORUN
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"IMSS" - "Intel Corporation" - "C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~2\THINKV~2\PrdCtr\LPMLCHK.exe
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~2\THINKV~2\PrdCtr\LPMGR.exe
"NDPS" - "Novell, Inc." - C:\WINDOWS\system32\dpmw32.exe
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NWTRAY" - "Novell, Inc." - NWTRAY.EXE
"PDDM" - "Novell, Inc." - C:\Programme\PatchLink\Update Agent\pddm.exe
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SAP_WUS_UNT" - "SAP AG" - "C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
"SMART Mirror Driver Monitor Service" - ? - "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\  (File not found)
"TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TpShocks" - "Lenovo." - TpShocks.exe
"ZENRC Tray Icon" - "Novell, Inc." - C:\WINDOWS\system32\zentray.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"LoginCapture Credential Provider" - ? - C:\Programme\Novell\CASA\bin\lcredmgr.dll  (File found, but it contains no detailed information)
"Lotus Notes Single Logon" - "Lotus Development" - C:\Notes\npnotes.dll
"NetWare Services" - "Novell, Inc." - C:\WINDOWS\system32\NOVNPNT.DLL
"Novell NetIdentity Credential Provider" - "Novell, Inc." - C:\WINDOWS\system32\Novell\NCredMgr.dll
"Symantec SNAC Network Provider" - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\SnacNp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth Printer Port" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Umgeleiteter Anschluß" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Arbeitsstations-Manager" (ZFDWM) - "Novell, Inc." - C:\Programme\Novell\ZENworks\wm.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Programme\Browny02\BrYNSvc.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
"Client Update Service for Novell" (cusrvc) - "Novell, Inc." - C:\WINDOWS\system32\cusrvc.exe
"Connected Agent Service" (AgentSrv) - "Connected Corporation" - C:\Programme\Connected\AgentSrv.EXE
"Intel(R) Identity Protection Technology Host Interface Service" (jhi_service) - "Intel Corporation" - C:\Programme\Intel\Services\IPT\jhi_service.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (Lenovo.micmute) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Lotus Notes - Gemeinsame Anmeldung" (Lotus Notes Single Logon) - "IBM Corp" - C:\Notes\nslsvice.exe
"Microsoft Forefront UAG Endpoint Component Manager" (DMService) - "Microsoft Corporation" - C:\WINDOWS\DOWNLO~1\DMService.exe
"Microsoft Forefront UAG Quarantine Enforcement Client" (uagqecsvc) - "Microsoft Corporation" - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
"Mobile Broadband Service" (WMCoreService) - "Ericsson AB" - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Novell Application Launcher" (NALNTSERVICE) - "Novell, Inc." - C:\Programme\Novell\ZENworks\nalntsrv.exe
"Novell Identity Store" (Novell Identity Store) - "Novell, Inc" - C:\Programme\Novell\CASA\bin\micasad.exe
"Novell XTier Agent Services" (XTAgent) - "Novell, Inc." - C:\WINDOWS\System32\Novell\XTAgent.exe
"Novell ZENworks Agent Service" (Novell ZENworks Agent Service) - "Novell, Inc." - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
"Novell ZENworks Pre Agent" (ZENPreAgent) - ? - C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe  (File found, but it contains no detailed information)
"Novell ZENworks-Fernverwaltungsagent" (Remote Management Agent) - "Novell, Inc." - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"On Screen Display" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"SAPSetup Automatic Workstation Update Service" (NWSAPAutoWorkstationUpdateSvc) - "SAP AG" - C:\Programme\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"SMART Mirror Driver Monitor Service" (SMART Mirror Driver Monitor Service) - "SMART Technologies" - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe
"SMS-Agent-Host" (CcmExec) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\CcmExec.exe
"SMS-Tasksequenz-Agent" (smstsmgr) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\TSManager.exe
"Symantec Endpoint Protection" (Symantec AntiVirus) - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
"Symantec Management Client" (SmcService) - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"User Profile Hive Cleanup" (UPHClean) - "Microsoft Corporation" - C:\Programme\UPHClean\uphclean.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"ZENworks Patch Management Update" (PatchLink Update) - "Novell, Inc." - C:\Programme\PatchLink\Update Agent\GravitixService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "                                                                                                                                                                                                                                                              " - C:\WINDOWS\system32\SMC_SC~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Novell, Inc." - C:\WINDOWS\system32\NWGINA.DLL
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LCredMgr" - ? - C:\Programme\Novell\CASA\bin\lcredmgr.dll  (File found, but it contains no detailed information)
"NetIdentity Notification" - "Novell, Inc." - C:\WINDOWS\system32\Novell\XtNotify.dll
"psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Novell Directory Services Name Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2NDS.DLL
"Novell IPX/SPX SAP Name Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2SAP.DLL
"Novell SLP Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2SLP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

AswMBR log

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 23:41:44
-----------------------------
23:41:44.000    OS Version: Windows 5.1.2600 Service Pack 3
23:41:44.000    Number of processors: 4 586 0x2A07
23:41:44.000    ComputerName: MC00019325  UserName: 
23:41:44.359    Initialize success
23:51:10.812    AVAST engine defs: 12032701
23:51:14.609    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:51:14.609    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
23:51:14.796    Disk 0 MBR read successfully
23:51:14.796    Disk 0 MBR scan
23:51:14.828    Disk 0 Windows XP default MBR code
23:51:14.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40960 MB offset 2048
23:51:14.906    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       435465 MB offset 83888128
23:51:14.953    Disk 0 Partition 3 00     0C    FAT32 LBA MSDOS5.0      513 MB offset 975720448
23:51:14.984    Disk 0 scanning sectors +976771072
23:51:15.187    Disk 0 scanning C:\WINDOWS\system32\drivers
23:51:38.046    Service scanning
23:51:57.250    Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
23:51:57.640    Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
23:52:00.000    Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
23:52:00.062    Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
23:52:01.250    Modules scanning
23:52:25.453    Disk 0 trace - called modules:
23:52:25.500    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
23:52:25.500    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a829030]
23:52:25.500    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8a845908]
23:52:25.500    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a83e028]
23:52:26.031    AVAST engine scan C:\WINDOWS
23:52:48.640    AVAST engine scan C:\WINDOWS\system32
23:57:59.953    AVAST engine scan C:\WINDOWS\system32\drivers
23:58:26.250    AVAST engine scan C:\Dokumente und Einstellungen\Sravan Kumar Puppala
00:00:18.546    AVAST engine scan C:\Dokumente und Einstellungen\All Users
00:02:20.984    Scan finished successfully
00:02:32.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\MBR.dat"
00:02:32.562    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\aswMBR.txt"

Alles funktioniert aber ich wollte nur sicher sein dass der Virus weg ist.
Eine Rückmeldung wäre gut.
Danke nochmal

cosinus · 28.03.2012, 10:42

Was ist mit GMER?

sravy · 28.03.2012, 20:59

GMER stürzt häufiger ab
ich habe mehrmals versucht aber es stürzt zwischendurch und ist nie eine ende.

cosinus · 29.03.2012, 12:14

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

28.03.2012, 10:42	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows aus Sicherheitsgründen blockiert Was ist mit GMER? __________________ Logfiles bitte immer in CODE-Tags posten

29.03.2012, 12:14	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows aus Sicherheitsgründen blockiert Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Windows aus Sicherheitsgründen blockiert

Log-Analyse und Auswertung: Windows aus Sicherheitsgründen blockiert