| |
| |||||||
Log-Analyse und Auswertung: TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp DateienWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.06.2010, 08:26
| #76 |
 |  TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Habe jetzt noch mal nur den Ordner C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail gescannt - nach indexierung und Komprierung von Thunderbird. Protokoll: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, June 29, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, June 29, 2010 01:30:19 Records in database: 4270347 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - Folder: C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail Scan statistics: Objects scanned: 172 Threats found: 5 Infected objects found: 8 Suspicious objects found: 2 Scan duration: 00:20:05 File name / Threat / Threats count C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Worm.Win32.AutoRun.svl 3 C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2 C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmc 1 C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmq 1 C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Packed.Win32.Krap.x 3 Selected area has been scanned. |
|
29.06.2010, 11:00
| #77 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hab mir Thunderbird nochmal angesehen und nun ist es sauber. Hier das Scan Protokoll des Mailordners:
__________________-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, June 29, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, June 29, 2010 01:30:19 Records in database: 4270347 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - Folder: C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail Scan statistics: Objects scanned: 172 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 00:17:11 No threats found. Scanned area is clean. Selected area has been scanned. |
|
29.06.2010, 11:51
| #78 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hallo Daniel,
__________________soll ich noch was durchlaufen lassen, oder sieht es soweit alles wieder gut aus? |
|
29.06.2010, 12:18
| #79 |
| /// Selecta Jahrusso   | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hy,das mit der GraKa ist bei mir auch und machte mir früher auch mal sorgen  Ist aber normal. Entfernen wir noch schnell ein paar kleinigkeiten
Code:
ATTFilter :OTL
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Schritt 2 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen Schritt 3 Zum letzen mal  Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.06.2010, 12:35
| #80 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hier schon einmal das erste OTL: All processes killed ========== OTL ========== C:\WINDOWS\rundll16.exe folder moved successfully. C:\WINDOWS\logo1_.exe folder moved successfully. C:\WINDOWS\VDLL.DLL folder moved successfully. C:\WINDOWS\System32\runouce.exe folder moved successfully. C:\WINDOWS\RUNDL132.EXE folder moved successfully. C:\WINDOWS\logo_1.exe folder moved successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found. ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 596 bytes User: Norman ->Temp folder emptied: 109272515 bytes ->Temporary Internet Files folder emptied: 147456 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 36796010 bytes ->Flash cache emptied: 612 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 356 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 140,00 mb OTL by OldTimer - Version 3.2.7.0 log created on 06292010_132611 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
29.06.2010, 12:46
| #81 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Beim Versuch den Acrobat Reader 9 zu entfernen erhalte ich folgende Meldung: "Beim Versuch, die Datei C:\Windows\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten" Soll ich es mal im abgesicherten Modus probieren? |
|
29.06.2010, 12:54
| #82 |
| /// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Starte einmal Adobe Reader --> Help --> Check for updates
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.06.2010, 13:56
| #83 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Das hat so einfach nicht funktioniert. Habe dann 9.3 aufgespielt. 9.0 deinstalliert, ging dann. 9.3 deinstalliert. CCleaner gereinigt Neustart Manuell Ordner gelöscht bis auf die Dateien Identity-H und -V, die konnte ich nicht löschen. 9.3 neu installiert. Neustart |
|
29.06.2010, 13:57
| #84 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Protokoll OTL: OTL: OTL logfile created on: 29.06.2010 14:49:50 - Run 8 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 70,17 Gb Total Space | 30,52 Gb Free Space | 43,49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TEST Current User Name: Norman Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe ========== Modules (SafeList) ========== MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv) SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2010.06.28 17:30:18 | 000,040,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R) DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.http: "http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de  fficial"FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.29 14:42:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M] [2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions [2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions [2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e} [2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org [2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org [2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org [2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com [2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml [2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml |
|
29.06.2010, 13:58
| #85 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Protokoll OTL Teil 2: O1 HOSTS File: ([2010.06.29 08:31:18 | 000,407,846 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14129 more lines... O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.29 14:27:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent [2010.06.29 13:26:11 | 000,000,000 | ---D | C] -- C:\_OTL [2010.06.29 12:07:30 | 000,000,000 | ---D | C] -- C:\_SMA [2010.06.29 07:01:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.06.28 19:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.06.28 17:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Desktop\Trajaner [2010.06.28 16:28:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\DoctorWeb [2010.06.28 15:34:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.06.27 19:28:02 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll [2010.06.27 19:28:01 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll [2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe [2010.06.27 19:27:54 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM [2010.06.27 19:27:54 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM [2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld [2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld [2010.06.27 19:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager [2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe [2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe [2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.06.27 10:34:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.06.27 10:34:49 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes [2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.06.26 11:24:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync [2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys [2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys [2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys [2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys [2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys [2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys [2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys [2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys [2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV [2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press [2010.06.10 08:30:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec [2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474 ========== Files - Modified Within 30 Days ========== [2010.06.29 14:48:34 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.06.29 14:46:37 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.06.29 14:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.06.29 14:45:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.29 14:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.29 14:45:34 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2010.06.29 14:45:29 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys [2010.06.29 14:44:53 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat [2010.06.29 14:44:31 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini [2010.06.29 14:44:03 | 007,527,734 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.29 14:42:36 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.06.29 13:45:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.06.29 13:26:25 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.29 13:26:25 | 000,491,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.29 13:26:25 | 000,104,836 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.29 13:26:25 | 000,089,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.29 13:26:24 | 001,223,776 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.29 11:10:19 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml [2010.06.29 08:31:18 | 000,407,846 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.29 07:00:42 | 000,039,675 | ---- | M] () -- C:\Kaspersky.html [2010.06.28 19:44:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.28 19:43:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100629-083118.backup [2010.06.28 18:29:50 | 003,722,957 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe [2010.06.28 17:30:18 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys [2010.06.28 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job [2010.06.28 15:34:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.06.27 23:18:53 | 000,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip [2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx [2010.06.27 19:28:01 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll [2010.06.27 19:28:00 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll [2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe [2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe [2010.06.27 10:34:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.06.27 10:34:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.06.27 10:34:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS [2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup [2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI [2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW [2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf [2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc [2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc [2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf [2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg [2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi [2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf [2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB [2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf [2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg [2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr [2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys ========== Files Created - No Company Name ========== [2010.06.29 14:42:36 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.06.29 07:00:42 | 000,039,675 | ---- | C] () -- C:\Kaspersky.html [2010.06.28 18:29:48 | 003,722,957 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe [2010.06.28 17:30:24 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys [2010.06.28 15:34:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.06.28 15:34:53 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.06.27 23:18:53 | 000,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip [2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx [2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest [2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf [2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc [2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc [2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf [2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log [2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg [2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB [2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi [2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf [2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf [2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg [2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job [2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI [2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI [2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll [2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll [2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll [2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll [2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll [2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004.08.04 02:44:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll [2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL [1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL [1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP  FC5A2B2< End of report > |
|
29.06.2010, 13:58
| #86 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Protokoll Extras OTL: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.06.2010 14:49:50 - Run 8
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 30,52 Gb Free Space | 43,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IBP 10\IBP.exe" = C:\Programme\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Programme\sipgate X-Lite\sipgateXLite.exe" = C:\Programme\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- ()
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{062831CB-A028-FA27-482B-35B935569892}" = CCC Help Spanish
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0921D0A0-5A37-4318-9EDD-6B6EC12E6380}" = Lexware QuickBooks 2008
"{0940BBAB-2C46-E877-69CE-1A1B8100C6F3}" = Catalyst Control Center Localization Japanese
"{09672BC4-148F-3FCC-E1A9-A019453D9A4A}" = CCC Help Chinese Standard
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F03AD68-3716-DC9C-45E3-72B519D0B64E}" = CCC Help Dutch
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1ED554BA-058A-9664-2BA8-F6F2A68DE15E}" = Catalyst Control Center Localization Swedish
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E64DF28-426C-9E02-8295-485AB959225C}" = Catalyst Control Center Localization Spanish
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35431808-8D7E-345D-127B-BFC92CAA2352}" = CCC Help English
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{372853A4-796F-7042-4B26-AB2F8D780136}" = CCC Help Japanese
"{38EBEF35-18E3-4B74-A560-8F80685B9626}" = Lexware QuickBooks plus 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AEF318B-5987-09AF-949A-3D42837684D8}" = Catalyst Control Center Localization Italian
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{40D5BDFB-D6E9-459E-92A8-118DA5AFBF86}" = Lexware online banking 4.20
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CD7295-6B85-E6D1-9774-0C584F6497CB}" = Catalyst Control Center Graphics Full Existing
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{593B41FE-0F9E-42FB-83B9-F54183F0E71D}" = Lexware Abschreibungsrechner 2006
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{66463B76-A188-C603-BF2F-AF6088F18012}" = CCC Help Italian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A}" = Catalyst Control Center Localization Korean
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6FBABF2B-2355-4839-91BF-C86D9DB16934}" = Lexware Abschreibungsrechner 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BB5DC4-1C72-4306-9005-6B44190DF430}" = Lexware QuickBooks 2008
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7596AEAB-2884-E87D-FD0B-BB02763998FB}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{795B7252-3FA5-20CA-D039-8E62DC590A10}" = Catalyst Control Center Graphics Light
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16}" = ccc-core-preinstall
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7}" = CCC Help Korean
"{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8}" = Catalyst Control Center Localization French
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{859744B2-A09C-4A8E-AF5A-1A1F333C7D53}" = Lexware Elster
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8A59CF7D-58AB-A28D-F02D-8473A4431A28}" = Skins
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398B998-D540-A3D0-A35B-84A5549E1C5B}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28}" = CCC Help German
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{ABAD4282-5D79-93D6-5687-5657BC74DC51}" = Catalyst Control Center Localization German
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ADB68E57-C344-3C48-10B1-51B5959F4EA3}" = Catalyst Control Center Core Implementation
"{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79}" = Catalyst Control Center Localization Dutch
"{AEA7DB99-E310-741E-D005-02BDF09E5AB3}" = CCC Help Portuguese
"{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925}" = CCC Help French
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C019A4C7-C791-450C-A5CF-FF95826CD276}" = Lexware QuickBooks 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5243A59-B2DD-EC07-23D2-D9CD9689B193}" = Catalyst Control Center Graphics Full New
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C}" = ccc-core-static
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC322D0B-CC8E-4351-90F2-19275DFFC134}" = Lexware QuickBooks 2008
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1}" = Catalyst Control Center Localization Chinese Standard
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88}" = Catalyst Control Center Localization Chinese Traditional
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDFC5759-D6BC-FE35-D423-EE93B562B2CD}" = CCC Help Chinese Traditional
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F358E676-72D0-40C3-BED7-113DCFAE4F32}" = Lexware QuickBooks PLUS 2007
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8EF9F7F-5C73-4908-92F8-4A7F92968520}" = Lexware QuickBooks PLUS 2007
"{F91040C8-F3F6-BBA5-2762-EB720EA4B556}" = Catalyst Control Center Localization Portuguese
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Alice" = Alice-Installationsdateien entfernen
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Content Manager 2" = Content Manager 2
"Digital Editions" = Adobe Digital Editions
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"eDocPrintPro" = eDocPrintPro
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GraphicsMagick 1.1.10 Q8_is1" = GraphicsMagick 1.1.10 Q8 (2007-09-19)
"GSiteCrawler" = GSiteCrawler
"HaufeReader" = HaufeReader
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Foto und Bildbearbeitung 2.0 - hp officejet 6100 series
"IBP10_is1" = IBP 10.2
"IBP11_is1" = IBP 11.7.4
"IBP9_is1" = IBP & ARELIS 9.7.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Link Popularity Check_is1" = Link Popularity Check 3.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) Network Connections Drivers
"QB_BKH" = QuickBooks Business-KnowHow
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.06.2010 08:06:24 | Computer Name = TEST | Source = MsiInstaller | ID = 11311
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1311. Die Quelldatei (CAB-Datei)
wurde nicht gefunden: C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A90000000001}\Data1.cab.
Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.
Error - 29.06.2010 08:06:27 | Computer Name = TEST | Source = MsiInstaller | ID = 11311
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1311. Die Quelldatei (CAB-Datei)
wurde nicht gefunden: C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A90000000001}\Data1.cab.
Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.
Error - 29.06.2010 08:14:14 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
Error - 29.06.2010 08:16:13 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
Error - 29.06.2010 08:17:24 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
Error - 29.06.2010 08:23:32 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
Error - 29.06.2010 08:32:44 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 29.06.2010 08:32:48 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 29.06.2010 08:47:33 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 29.06.2010 08:47:38 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 29.06.2010 07:26:19 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 29.06.2010 07:26:19 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Power Manager DBC Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "System Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Access Connections Main Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 29.06.2010 07:31:18 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 29.06.2010 07:40:07 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 29.06.2010 08:04:31 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 29.06.2010 08:33:42 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 29.06.2010 08:48:35 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
< End of report >
|
|
29.06.2010, 14:08
| #87 |
| /// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Windows + R Taste drücken. Kopiere nun folgendes in die Zeile sc delete XAMPP und drücke OK Logfile ist sauber  Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Combofix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 2 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 3 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 4 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 5 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.06.2010, 14:47
| #88 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien An dieser Stelle erstmal vielen Dank  für: => die Unterstützung => den Service => die Tipps => die Zeit => und für Deine Geduld ! ! ! Einige kurze Fragen habe ich noch: 1) Gab es Anzeichen für einen gezielten Angriff auf meinen Rechner? 2) Was hälst Du von Komplettsoftware wie z.b. von den diversen Internet-Security Paketen? 3) Wie hoch sind denn so die Spenden, die Ihr bekommt, was wird dort so erwartet? Ich sage nochmals Danke und von mir aus kannst Du das hier nun schließen! |
|
29.06.2010, 14:56
| #89 |
| /// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien 1) Gab es Anzeichen für einen gezielten Angriff auf meinen Rechner? mir ist nichts aufgefallen, dir ? 2) Was hälst Du von Komplettsoftware wie z.b. von den diversen Internet-Security Paketen? Finger weg 3) Wie hoch sind denn so die Spenden, die Ihr bekommt, was wird dort so erwartet? Pro post 10 euro  Ne keine Ahnung, ich hab darauf keinen Zugriff. Was man sich halt leisten will
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
30.06.2010, 09:27
| #90 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hallo larusso und co. ich habe leider das gleiche problem... ich habe auch schon filelister durchlaufen lassen der erstellt aber nur eine leere txt-datei hier noch die GMER log datei: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-30 00:19:35
Windows 6.1.7600
Running: u8e06d8m.exe; Driver: C:\Users\Klaus\AppData\Local\Temp\kglcqpog.sys
---- System - GMER 1.0.15 ----
SSDT 96EF0C34 ZwCreateThread
SSDT 96EF0C20 ZwOpenProcess
SSDT 96EF0C25 ZwOpenThread
SSDT 96EF0C2F ZwTerminateProcess
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A32AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A32104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A323F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1AFB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A321DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A32958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A326F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A32F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A331A8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84A771F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DE32F4C4-D68A-4043-A306-59BB286FB2BA} 85EBC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8CD7E3AA-8308-4B05-8708-D52D0BB8F05F} 85EBC1F8
Device \Driver\volmgr \Device\VolMgrControl 84A721F8
Device \Driver\usbohci \Device\USBPDO-0 85FAD1F8
Device \Driver\usbehci \Device\USBPDO-1 85FAA1F8
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nvstor \Device\00000060 84A751F8
Device \Driver\volmgr \Device\HarddiskVolume1 84A721F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 84A721F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 85E0D1F8
Device \Driver\cdrom \Device\CdRom1 85E0D1F8
Device \Driver\atapi \Device\Ide\IdePort0 84A741F8
Device \Driver\atapi \Device\Ide\IdePort1 84A741F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85EBC1F8
Device \Driver\PCI_PNP2046 \Device\0000004e spzh.sys
Device \Driver\nvstor \Device\RaidPort0 84A751F8
Device \Driver\nvstor \Device\RaidPort1 84A751F8
Device \Driver\nvstor \Device\RaidPort2 84A751F8
Device \Driver\usbohci \Device\USBFDO-0 85FAD1F8
Device \Driver\sptd \Device\2370553296 spzh.sys
Device \Driver\usbehci \Device\USBFDO-1 85FAA1F8
Device \Driver\ah26fap2 \Device\Scsi\ah26fap21 860D91F8
Device \Driver\ah26fap2 \Device\Scsi\ah26fap21Port5Path0Target0Lun0 860D91F8
Device \FileSystem\cdfs \Cdfs 85E381F8
Device -> \Driver\nvstor \Device\Harddisk0\DR0 85F1FEC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x9B 0xE4 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE8 0x0E 0xF2 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0x1D 0xEE 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x9B 0xE4 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE8 0x0E 0xF2 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0x1D 0xEE 0xD1 ...
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\nvstor.sys suspicious modification
---- EOF - GMER 1.0.15 ----
|
|
| Themen zu TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien |
| aktiv, antivir, befallen, dateien, diverse, gelöscht, java, meldung, minute, minuten, neue, neuen, neuste, ordner, programm, programme, sperrt, stelle, system, temp, temporäre dateien, thema, tr/psw.zbot., tr/psw.zbot.133169.y temporäre dateien windows trojaner 11 minuten, update, version, virus, ähnliches |
Textbox.
.
Linear-Darstellung
