Pests of all kinds and how to fight them: RUBotted reports an infection - security programs find nothing when scanning
19.10.2010, 07:11 | #1 |
Good morning, I'm new here. I hope someone can help me, or tell me that I don't need to worry. As soon as my system boots and is online, RUBotted tells me in a small window that my system is infected with "malicious software" and asks me to run a scan with HouseCall. That scan then finds nothing, though. Neither does avast, nor Microsoft Essentials. I also ran scans with Malwarebytes and HijackThis; the log files are attached below. My system shows no abnormalities while I work. Could the warning be a false alarm? It would be great if someone could take a look.... Here are the files, HijackThis first. Thanks!!
HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:57:37, on 19.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17091) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe c:\Programme\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\ThinkVantage\AMSG\Amsg.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Programme\Everything\Everything.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Programme\Lenovo\HOTKEY\TPONSCR.exe C:\Programme\Lenovo\Zoom\TpScrex.exe C:\Prey\cron.exe C:\Programme\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\RocketDock\RocketDock.exe C:\Programme\Hotspot Shield\bin\openvpnas.exe C:\Programme\Spyware 
Terminator\SpywareTerminatorUpdate.exe C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe C:\Programme\Hotspot Shield\bin\hsswd.exe C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe C:\Programme\DeskNotes 2.2.1\DeskNotes.exe C:\Dokumente und Einstellungen\HansDampf\Anwendungsdaten\Dropbox\bin\Dropbox.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe C:\Programme\DeskTask\DeskTask.exe C:\WINDOWS\system32\svchost.exe c:\programme\lenovo\system update\suservice.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Hotspot Shield\bin\openvpntray.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Windows NT\Zubehör\wordpad.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - 
HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [Everything] "C:\Programme\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Prey Laptop Tracker] c:\Prey\cron.exe --log O4 - HKLM\..\Run: [MSSE] "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: DeskNotes.lnk = ? O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\HansDampf\Anwendungsdaten\Dropbox\bin\Dropbox.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Toodledo Sync Tool.lnk = ? O4 - Startup: Verknüpfung mit DeskTask.lnk = C:\Programme\DeskTask\DeskTask.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O4 - Global Startup: Renaissance Wireless Server.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Evernote - res://C:\Programme\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FlipShare Service - Unknown owner - C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Programme\Hotspot Shield\bin\hsswd.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Iconix Outlook Addin Updater Service (IconixOutlookUpdaterService) - Iconix Inc. - C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Programme\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- End of file - 15525 bytes
And this is Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
19.10.2010 07:37:13
mbam-log-2010-10-19 (07-37-13).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141521
Laufzeit: 8 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
19.10.2010, 11:34 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Are there any further logs from Malwarebytes? It would be quite pointless if you had posted the one without findings!
19.10.2010, 12:43 | #3 |
Oops - and thanks for the pointer! I had assumed that the program updates itself automatically. It was set up that way, too, but it didn't do it.
I now have the latest version and ran a full scan. This is the log for it:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4879
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
19.10.2010 13:37:50
mbam-log-2010-10-19 (13-37-50).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 313512
Laufzeit: 57 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
That's all it says. Shouldn't it be much longer? (The old ones are similarly sparse...)
19.10.2010, 15:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags
19.10.2010, 15:51 | #5 |
Again: thanks. I've run the scan. Can I take the personally named files from "My Documents" out of the log file? There are quite a lot of them; renaming would be very laborious.
19.10.2010, 17:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, you can take them out. I'm not interested in what your little pictures, little films and documents are called
19.10.2010, 19:57 | #7 |
So, here comes everything. Thanks again for your time and effort! (It's amazing what all is on my system. If you skim it, you'll know what I mean...)
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.10.2010 18:59:27 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\xx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,64 Gb Total Space | 5,76 Gb Free Space | 10,35% Space Free | Partition Type: NTFS Computer Name: LENOVO-83F55030 | User Name: Roadkicker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\DeskNotes 2.2.1\DeskNotes.exe (MB) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) 
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Prey\cron.exe () PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe (Iconix Inc.) PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Everything\Everything.exe () PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe () PRC - C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe () PRC - C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.) PRC - C:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe (Chromatic Dragon) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) PRC - C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) PRC - C:\Programme\DeskTask\DeskTask.exe (Carthago Software) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (avast! 
Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware) SRV - (IconixOutlookUpdaterService) -- C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe (Iconix Inc.) SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FlipShare Service) -- C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe () SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (RUBotted) -- C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.) 
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) 
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (NSNDIS5) -- C:\WINDOWS\System32\NSNDIS5.SYS File not found DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys File not found DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.) 
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware) DRV - (AsUsbDrvXp) -- C:\WINDOWS\system32\drivers\AsUsbDrvXP.sys () DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo) DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (TMPassthruMP) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.) DRV - (TMPassthru) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.) DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (5U875UVC) -- C:\WINDOWS\system32\drivers\5U875x86.sys (Ricoh co.,Ltd.) 
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SWNC8U01) Sierra Wireless MUX NDIS Driver (UMTS01) -- C:\WINDOWS\system32\drivers\SWNC8U01.sys (Sierra Wireless Inc.)
DRV - (SWUMX01) Sierra Wireless USB MUX Driver (UMTS01) -- C:\WINDOWS\system32\drivers\swumx01.sys (Sierra Wireless Inc.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?"
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.87683
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.19 12:14:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.19 12:14:03 | 000,000,000 | ---D | M]

[2010.03.09 13:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2009.02.19 20:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Extensions\uploadr@flickr.com
[2010.03.02 18:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions
[2009.11.19 20:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009.10.15 19:58:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.02.15 10:13:07 | 000,000,000 | ---D | M] (oldbar) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010.02.04 09:16:06 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2008.11.21 10:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{6c872ba3-f6b2-4012-8156-88e07efe06fa}
[2009.12.11 09:05:00 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.27 12:56:35 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.11.09 18:44:18 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.27 12:56:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.11 14:56:04 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009.09.21 14:50:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.07.31 10:29:19 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009.02.17 21:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\bookmarkpreviews@mozdev.org
[2009.10.03 20:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\FindInTabs@mishac.com
[2010.02.16 17:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\firefox@ghostery.com
[2010.01.30 14:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\foxmarks@kei.com
[2010.01.27 12:56:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\lazarus@interclue.com
[2010.01.27 12:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\piclens@cooliris.com
[2009.03.19 20:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\statusbar@toodledo.com
[2009.06.04 16:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\support@wolfram.com
[2010.02.19 17:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\gtbfe7gi.default\extensions\tabscope@xuldev.org
[2010.10.19 09:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions
[2010.06.24 14:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.24 14:14:42 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010.10.06 08:35:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.10 15:52:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\firefox@tvunetworks.com
[2010.10.01 17:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\foxmarks@kei.com
[2010.03.17 11:36:59 | 000,002,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\searchplugins\amazon-germany-search-suggestions.xml
[2010.03.09 17:59:53 | 000,001,820 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\searchplugins\bing.xml
[2010.10.19 09:55:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.10 13:50:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.02 14:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.08.03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.09.18 18:13:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 18:13:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.18 18:13:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.18 18:13:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.18 18:13:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.08.21 22:06:34 | 000,284,301 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123simsen.com
O1 - Hosts: 127.0.0.1 www.123simsen.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 125sms.co.uk
O1 - Hosts: 9821 more lines...
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Everything] C:\Programme\Everything\Everything.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Prey Laptop Tracker] c:\Prey\cron.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Renaissance Wireless Server.lnk = C:\WINDOWS\Installer\{CF14C10E-2380-47F4-99CB-BEB1A86A9494}\_C167998F9359606FC11225.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\DeskNotes.lnk = C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Microsoft\Installer\{2A4A057A-4460-4B53-A718-5D83507DFFFD}\_B454330C7AFE569ABD2195.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Toodledo Sync Tool.lnk = C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Microsoft\Installer\{76D3276F-1A6C-43F6-AEE6-AF37340F3726}\_504B32A365C21EE8D4BC8C.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Verknüpfung mit DeskTask.lnk = C:\Programme\DeskTask\DeskTask.exe (Carthago Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Evernote - C:\Programme\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Programme\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{67b43176-b18c-11de-81c6-00a0d5ffff85}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{8d579f8a-e558-11de-8261-00215c523b23}\Shell\AutoRun\command - "" = D:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2010.10.19 16:37:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\OTL.exe
[2010.10.19 12:17:00 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.19 12:16:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.10.19 12:10:04 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.19 12:10:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.15 07:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Calibre Bibliothek
[2010.10.15 07:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\calibre
[2010.10.15 07:57:43 | 000,000,000 | ---D | C] -- C:\Programme\Calibre2
[2010.10.15 07:34:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\app.jbbres.com
[2010.10.14 21:59:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Mobipocket Reader
[2010.10.14 21:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\My Publications
[2010.10.14 21:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\eBooks
[2010.10.14 21:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Mobipocket.com
[2010.10.14 21:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Mobipocket Shared
[2010.10.14 06:08:32 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.14 06:08:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.14 06:08:31 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.14 06:08:23 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.09 17:26:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.10.08 09:38:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Recent
[2010.10.06 18:17:50 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup236.exe
[2010.10.06 08:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
[2010.10.06 08:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2010.10.06 08:35:59 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010.09.22 19:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\PriceGong
[2010.09.18 12:22:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010.09.17 13:33:14 | 006,934,200 | ---- | C] (WindSolutions) -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\CopyTransManager.exe
[2010.09.16 22:08:49 | 000,000,000 | ---D | C] -- C:\Programme\CopyTransManagerDEv0.920
[2010.09.16 21:08:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\WindSolutions
[2010.09.16 21:07:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2010.09.14 13:25:29 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2010.09.14 13:24:04 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2010.09.14 13:24:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.09.14 13:21:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2010.09.14 13:19:56 | 043,917,376 | ---- | C] (RapidSolution Software AG) -- C:\Programme\tunebite72.exe
[2010.09.14 10:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Roxio
[2010.09.14 09:59:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Roxio Shared
[2010.09.14 09:59:22 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Napster Shared
[2010.09.14 09:58:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2010.09.14 09:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Napster
[2010.09.14 09:56:47 | 013,431,752 | ---- | C] (Macrovision Corporation) -- C:\Programme\NapsterSetup-DE-NCOM-4.6.4.0.exe
[2010.09.13 19:05:47 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup235.exe
[2010.09.13 19:05:01 | 000,379,392 | ---- | C] (The Web Atom) -- C:\Programme\CCEnhancer.exe
[2010.09.08 11:42:36 | 000,037,920 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.08.27 07:57:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.08.20 20:32:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Programme\HijackThis.exe
[2010.08.18 09:42:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Programme\mbam-setup.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010.08.12 02:06:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\MB
[2010.08.12 02:06:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\MB
[2010.08.12 02:06:07 | 000,000,000 | ---D | C] -- C:\Programme\DeskNotes 2.2.1
[2010.08.10 12:42:10 | 000,389,488 | ---- | C] (Microsoft Corporation) -- C:\Programme\OGAPluginInstall.exe
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010.08.09 19:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010.08.09 19:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010.08.06 23:26:53 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup234.exe
[2010.08.02 14:44:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.02 14:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.02 14:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.29 12:39:12 | 001,913,160 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\HousecallLauncher.exe [2010.07.27 18:44:10 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll [2010.07.27 18:44:10 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe [2010.07.27 18:44:10 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll [2010.07.20 18:07:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\My Liquid Story Binder XE [2010.07.20 18:07:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Liquid Story Binder XE [2010.07.20 18:06:38 | 000,000,000 | ---D | C] -- C:\Programme\Black Obelisk Software [2010.07.20 18:05:08 | 005,883,236 | ---- | C] (Black Obelisk Software ) -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\LSBXEinstall.exe [2010.07.20 15:26:22 | 000,000,000 | ---D | C] -- C:\Programme\ResophNotes [2010.07.18 21:18:56 | 000,000,000 | ---D | C] -- C:\Programme\ipernity [2010.07.16 14:05:01 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll [2010.07.10 13:50:30 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deployJava1.dll [2010.07.10 13:11:20 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010.06.23 07:46:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.06.21 15:20:48 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup232.exe [2010.06.18 19:44:50 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll [2010.06.16 10:16:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2010.06.16 10:16:42 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2010.06.15 14:09:31 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010.06.15 14:07:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.06.15 14:05:27 | 011,910,800 | ---- | C] (Microsoft Corporation) -- C:\Programme\mssefullinstall-x86fre-de-de-xp.exe [2010.06.15 13:41:44 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Programme\HousecallLauncher.exe [2010.06.09 09:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\My FeedStation Podcasts [2010.06.07 16:43:09 | 002,568,656 | ---- | C] (Adobe Systems, Inc.) 
-- C:\Programme\flashplayer10_1_rc7_plugin_060210.exe [2010.06.01 12:28:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\SunODFPluginforMicrosoftOffice [2010.06.01 12:27:09 | 000,000,000 | ---D | C] -- C:\Programme\Sun [2010.05.25 17:39:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Diverse [2010.04.24 07:17:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\MediaMonkey [2010.04.24 07:17:45 | 000,000,000 | ---D | C] -- C:\Programme\MediaMonkey [2010.04.24 06:53:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\SanDisk [2010.04.20 07:29:56 | 000,285,824 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2010.04.19 10:50:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\bspro3 [2010.04.19 10:50:44 | 000,000,000 | ---D | C] -- C:\Programme\BIldschutz Pro 3 [2010.04.17 16:53:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Opera [2010.04.17 16:53:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Opera [2010.04.17 16:53:36 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2010.04.17 15:39:59 | 000,000,000 | ---D | C] -- C:\Programme\Veetle [2010.04.16 17:36:58 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll [2010.04.10 15:52:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks [2010.04.10 15:52:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\LocalLow [2010.04.10 15:52:14 | 000,000,000 | ---D | C] -- C:\Programme\TVUPlayer [2010.04.05 13:31:16 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sds32.ax [2010.04.05 11:54:04 | 000,384,512 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mp4sdmod.dll [2010.04.01 20:50:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\AlphaSmart [2010.04.01 20:47:19 | 000,000,000 | ---D | C] -- C:\Programme\Renaissance Learning [2010.04.01 20:47:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server [2010.03.31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll [2010.03.31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe [2010.03.30 00:52:26 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax [2010.03.25 16:21:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010.03.14 18:38:42 | 000,000,000 | ---D | C] -- C:\Programme\Burrrn [2010.03.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect [2010.03.12 12:35:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.11 07:57:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.03.09 13:16:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Windows Desktop Search [2010.03.09 09:01:03 | 000,000,000 | ---D | C] -- C:\Programme\AnyBizSoft PDF to Word [2010.03.09 09:00:35 | 000,000,000 | ---D | C] -- C:\Programme\AnyBizSoft [2010.03.09 08:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2010.03.09 00:29:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Google [2010.03.09 00:27:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Temp [2010.03.09 00:27:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale 
Einstellungen\Anwendungsdaten\Google [2010.03.05 16:37:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll [2010.02.28 05:57:58 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2010.02.28 05:55:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Learning [2010.02.28 05:54:55 | 000,000,000 | ---D | C] -- C:\Programme\AlphaSmart [2010.02.21 00:07:47 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent [2010.02.21 00:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\uTorrent [2010.02.19 17:18:18 | 000,000,000 | ---D | C] -- C:\Prey [2010.02.19 17:02:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Malwarebytes [2010.02.19 17:02:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.02.19 17:02:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.02.19 17:02:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.02.19 17:02:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.02.15 02:09:16 | 000,000,000 | ---D | C] -- C:\Programme\XMind [2010.02.15 02:03:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.02.15 02:03:35 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2010.02.15 01:57:50 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll [2010.02.15 01:57:31 | 000,000,000 | ---D | C] -- C:\Programme\XMIND 2008 [2010.02.14 11:38:25 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2010.02.14 11:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\IMBT [2010.02.14 11:13:30 | 000,000,000 | ---D | C] -- C:\Programme\IMBT [2010.02.14 10:41:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\myPod_Apps [2010.02.13 14:50:27 | 000,000,000 | ---D | C] -- C:\Programme\iPhone Explorer [2010.02.13 13:37:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.02.12 06:33:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2010.02.10 21:05:46 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys [2010.02.09 13:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Ilium_Software,_Inc [2010.02.03 15:59:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\WinRAR [2010.02.03 15:59:02 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.02.01 14:55:25 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2010.01.13 16:00:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll [2010.01.13 13:39:12 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2009.12.24 08:59:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll [2009.12.17 09:40:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2009.12.14 09:08:20 | 000,033,280 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll [2009.12.08 11:23:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll [2009.11.27 19:11:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll [2009.11.27 18:08:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll [2009.11.27 18:08:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll [2009.11.27 18:08:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll [2009.11.21 11:00:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2009.11.10 04:03:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\TV [2009.11.10 03:58:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\foobar2000 [2009.11.10 03:58:40 | 000,000,000 | ---D | C] -- C:\Programme\foobar2000 [2009.11.07 01:07:08 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll [2009.10.30 19:07:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\Eigene Töne [2009.10.29 22:25:16 | 000,000,000 | ---D | C] -- C:\Programme\MAGIX_Fotos_auf_CD_DVD_9_dlx_Download-Version [2009.10.29 22:22:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MAGIX Services [2009.10.29 10:02:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\Xara [2009.10.28 19:00:42 | 000,000,000 | ---D | C] -- C:\Programme\AirsliderBeta [2009.10.09 10:10:26 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Programme\JavaRa.exe [2009.06.22 13:27:50 | 004,392,344 | ---- | C] (Ilium Software ) -- C:\Programme\eWallet-Win-Setup.exe [2009.06.07 19:01:28 | 009,915,072 | ---- | C] (Nullsoft, Inc.) 
-- C:\Programme\winamp5552_full_emusic-7plus_en-us.exe [2009.05.10 19:53:41 | 007,363,096 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 3.0.10.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2010.10.19 18:44:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.19 18:20:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.10.19 17:44:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.19 17:30:54 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.10.19 16:37:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\OTL.exe [2010.10.19 15:14:43 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010.10.19 15:14:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.19 15:12:11 | 000,002,585 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Toodledo Sync Tool.lnk [2010.10.19 15:11:53 | 000,002,389 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\DeskNotes.lnk [2010.10.19 15:11:33 | 000,002,761 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Renaissance Wireless Server.lnk [2010.10.19 15:09:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.19 15:09:14 | 2103,816,192 | -HS- | M] () -- C:\hiberfil.sys [2010.10.19 12:18:09 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.19 12:13:53 | 000,001,591 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.10.15 20:54:47 | 000,000,703 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Verknüpfung mit firefox.exe.lnk [2010.10.15 
07:57:03 | 031,166,976 | ---- | M] () -- C:\Programme\calibre-0.7.23.msi [2010.10.14 21:51:43 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Mobipocket Creator.lnk [2010.10.14 21:50:44 | 010,606,592 | ---- | M] () -- C:\Programme\creator.msi [2010.10.14 14:25:36 | 000,363,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.14 06:49:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.12 22:48:06 | 003,389,035 | ---- | M] () -- C:\Programme\eMule0.50a-Installer.exe [2010.10.09 17:26:10 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2010.10.08 03:04:47 | 000,487,578 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 03:04:47 | 000,444,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 03:04:47 | 000,095,564 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.08 03:04:47 | 000,072,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.07 17:27:50 | 000,008,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\DeskNotes.xml [2010.10.06 18:18:11 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup236.exe [2010.10.06 08:34:33 | 000,499,731 | ---- | M] () -- C:\Programme\gp.xpi [2010.10.05 09:00:40 | 001,913,160 | ---- | M] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\HousecallLauncher.exe [2010.10.04 18:22:58 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\ticketkürzel.rtf [2010.10.04 14:42:12 | 000,001,894 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2010.10.04 12:02:10 | 000,002,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\SafeKeys.lnk [2010.10.01 19:00:16 | 000,232,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.09.16 22:08:33 | 006,503,108 | ---- | M] () -- C:\Programme\CopyTransManagerDEv0.920.zip [2010.09.14 13:24:45 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk [2010.09.14 13:21:09 | 043,917,376 | ---- | M] (RapidSolution Software AG) -- C:\Programme\tunebite72.exe [2010.09.14 09:59:37 | 000,001,515 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Napster.lnk [2010.09.14 09:57:23 | 013,431,752 | ---- | M] (Macrovision Corporation) -- 
C:\Programme\NapsterSetup-DE-NCOM-4.6.4.0.exe [2010.09.13 19:06:04 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup235.exe [2010.09.13 19:05:02 | 000,379,392 | ---- | M] (The Web Atom) -- C:\Programme\CCEnhancer.exe [2010.09.13 13:05:45 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.09.09 15:32:52 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010.09.09 15:32:52 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010.09.09 15:32:52 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010.09.09 15:32:52 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2010.09.09 15:32:52 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll [2010.09.09 15:32:52 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll [2010.09.09 15:32:52 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll [2010.09.09 15:32:52 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2010.09.09 15:32:52 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2010.09.09 15:32:52 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010.09.09 15:32:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll [2010.09.09 15:32:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll [2010.09.09 15:32:51 | 003,601,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2010.09.09 15:32:51 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010.09.09 15:32:51 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010.09.09 
15:32:51 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2010.09.09 15:32:51 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010.09.09 15:32:51 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010.09.09 15:32:51 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010.09.09 15:32:51 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010.09.09 15:32:51 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010.09.09 15:32:51 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010.09.09 15:32:50 | 006,075,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010.09.09 15:32:50 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010.09.09 15:32:50 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010.09.09 15:32:50 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010.09.09 15:32:50 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll [2010.09.09 15:32:50 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll [2010.09.09 15:32:49 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010.09.09 15:32:49 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010.09.09 15:32:49 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll [2010.09.09 15:32:49 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2010.09.09 15:32:49 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll 
[2010.09.09 15:32:49 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll [2010.09.09 15:32:49 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll [2010.09.09 15:32:49 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll [2010.09.09 15:32:49 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll [2010.09.09 15:32:49 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll [2010.09.09 15:32:49 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll [2010.09.09 15:32:49 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll [2010.09.09 15:32:49 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll [2010.09.09 15:32:49 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010.09.09 15:32:49 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010.09.09 15:32:49 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2010.09.09 15:32:48 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll [2010.09.09 15:32:48 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2010.09.09 15:32:48 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2010.09.08 17:57:57 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2010.09.08 17:57:10 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2010.09.08 17:57:10 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2010.09.08 17:57:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe 
[2010.09.08 17:57:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2010.09.08 11:42:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys [2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010.09.07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.09.07 16:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010.09.07 11:14:48 | 006,934,200 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\CopyTransManager.exe [2010.09.01 13:50:43 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2010.09.01 13:50:43 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2010.09.01 09:54:46 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2010.09.01 09:54:46 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2010.08.27 10:01:37 | 000,119,808 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll [2010.08.27 10:01:37 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010.08.27 07:57:36 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll [2010.08.26 15:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010.08.25 13:30:33 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010.08.25 13:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll [2010.08.25 13:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll [2010.08.25 07:23:20 | 005,541,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll [2010.08.23 18:11:49 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.08.20 20:32:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Programme\HijackThis.exe [2010.08.20 20:13:09 | 001,870,800 | ---- | M] (Trend Micro Inc.) 
-- C:\Programme\HousecallLauncher.exe [2010.08.20 20:10:42 | 001,402,880 | ---- | M] () -- C:\Programme\HiJackThis.msi [2010.08.18 09:43:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Programme\mbam-setup.exe [2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe [2010.08.16 10:44:05 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll [2010.08.12 02:06:32 | 000,003,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\DeskNotes_Archive.xml [2010.08.12 02:04:31 | 002,077,184 | ---- | M] () -- C:\Programme\DeskNotes_Setup_2.2.1_Final.msi [2010.08.11 13:02:13 | 000,005,075 | ---- | M] () -- C:\Programme\legitcheck.hta [2010.08.10 12:42:12 | 000,389,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\OGAPluginInstall.exe [2010.08.06 23:27:01 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup234.exe [2010.08.06 21:58:38 | 002,125,249 | ---- | M] () -- C:\Programme\burrrn_package.exe [2010.08.05 15:52:16 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\DNG Converter.exe.lnk [2010.08.05 15:32:12 | 051,241,544 | ---- | M] () -- C:\Programme\DNGConverter_6_1.exe [2010.07.27 18:44:10 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll [2010.07.27 18:44:10 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe [2010.07.27 18:44:10 | 000,091,424 | ---- | M] (Apple Inc.) 
-- C:\WINDOWS\System32\dnssd.dll [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.20 18:07:03 | 000,000,918 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Liquid Story Binder XE.lnk [2010.07.20 18:05:53 | 005,883,236 | ---- | M] (Black Obelisk Software ) -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\LSBXEinstall.exe [2010.07.20 15:26:24 | 000,000,723 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ResophNotes.lnk [2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.16 14:05:01 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll [2010.07.05 22:36:58 | 001,040,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui [2010.06.30 14:28:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll [2010.06.23 04:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) 
-- C:\WINDOWS\System32\drivers\hssdrv.sys [2010.06.21 15:21:04 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Programme\ccsetup232.exe [2010.06.18 19:44:50 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll [2010.06.18 19:44:50 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll [2010.06.18 15:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.06.17 16:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll [2010.06.17 13:31:08 | 000,000,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\RUFUMLEITUNGEN.rtf.lnk [2010.06.17 13:30:23 | 000,000,270 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\RUFUMLEITUNGEN.rtf [2010.06.15 18:16:28 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax [2010.06.15 14:06:28 | 011,910,800 | ---- | M] (Microsoft Corporation) -- C:\Programme\mssefullinstall-x86fre-de-de-xp.exe [2010.06.14 16:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.06.14 09:41:35 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010.06.09 09:43:25 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010.06.07 19:21:17 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\MATERIAL SCHATTENJAGD.doc [2010.06.07 16:43:09 | 002,568,656 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Programme\flashplayer10_1_rc7_plugin_060210.exe [2010.06.07 11:27:41 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\TÜRKEI Condor.doc [2010.06.01 19:37:48 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010.06.01 12:19:48 | 098,621,012 | ---- | M] () -- C:\Programme\odp-3.2-bin-windows-en-US.exe [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.28 20:11:30 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.04.28 07:41:29 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2010.04.28 07:41:18 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010.04.28 07:41:18 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.04.28 07:41:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.04.28 07:41:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010.04.16 17:36:58 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll [2010.04.05 13:31:16 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax [2010.04.05 13:31:16 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sds32.ax [2010.04.05 11:54:04 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdmod.dll [2010.04.05 11:54:04 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll [2010.04.03 06:39:36 | 002,377,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll [2010.04.03 06:39:36 | 002,377,576 
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll [2010.03.31 00:16:34 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll [2010.03.31 00:10:40 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe [2010.03.30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax [2010.03.30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax [2010.03.23 10:05:20 | 000,581,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\lame.exe [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.03.09 00:40:16 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache [2010.03.05 16:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll [2010.03.05 16:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll [2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.02.12 06:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys [2010.02.10 21:05:46 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys [2010.01.29 16:43:35 | 000,307,260 | ---- | M] (Fraunhofer Institut 
Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm [2010.01.13 16:00:09 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll [2009.12.24 08:59:41 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll [2009.12.23 13:07:48 | 000,077,544 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2009.12.22 13:29:28 | 000,001,085 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Dessau.lnk [2009.12.17 09:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2009.12.17 09:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2009.12.15 20:28:44 | 000,033,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\VEREINIGUNG DEUTSCHER REISEJOURNALISTEN.doc [2009.12.15 20:18:04 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\Columbus EINWILLIGUNG.doc [2009.12.14 09:08:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll [2009.12.14 09:08:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll [2009.12.08 11:23:28 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll [2009.11.29 10:59:50 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\~$ACAMA Rhein Neckar Neu SF.doc [2009.11.27 19:11:57 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll [2009.11.27 18:08:01 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll [2009.11.27 18:08:01 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll [2009.11.27 18:08:01 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll [2009.11.27 18:08:01 | 000,028,672 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll [2009.11.27 18:08:01 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll [2009.11.27 18:08:01 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll [2009.11.25 13:40:50 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.11.21 17:54:17 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2009.11.21 07:43:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2009.11.15 14:30:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI [2009.11.07 01:07:08 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.19 12:18:09 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.19 12:13:53 | 000,001,591 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.10.15 07:56:26 | 031,166,976 | ---- | C] () -- C:\Programme\calibre-0.7.23.msi [2010.10.14 21:51:43 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Mobipocket Creator.lnk [2010.10.14 21:48:18 | 010,606,592 | ---- | C] () -- C:\Programme\creator.msi [2010.10.14 06:42:18 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.10.12 22:47:59 | 003,389,035 | ---- | C] () -- C:\Programme\eMule0.50a-Installer.exe [2010.10.06 08:36:01 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2010.10.06 08:34:29 | 000,499,731 | ---- | C] () -- C:\Programme\gp.xpi [2010.08.20 20:10:39 | 001,402,880 | ---- | C] () -- C:\Programme\HiJackThis.msi [2010.08.12 02:04:29 | 002,077,184 | ---- | C] () -- 
C:\Programme\DeskNotes_Setup_2.2.1_Final.msi [2010.08.11 13:02:12 | 000,005,075 | ---- | C] () -- C:\Programme\legitcheck.hta [2010.08.06 21:58:26 | 002,125,249 | ---- | C] () -- C:\Programme\burrrn_package.exe [2010.08.05 15:30:58 | 051,241,544 | ---- | C] () -- C:\Programme\DNGConverter_6_1.exe [2010.07.20 18:07:03 | 000,000,918 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Liquid Story Binder XE.lnk [2010.07.20 15:26:24 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ResophNotes.lnk [2010.07.10 13:23:16 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010.06.01 12:17:45 | 098,621,012 | ---- | C] () -- C:\Programme\odp-3.2-bin-windows-en-US.exe [2010.03.09 00:27:13 | 000,001,096 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.03.09 00:27:13 | 000,001,092 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.03.08 12:40:03 | 000,048,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Eigene Dateien\HAWAII Travellers World.doc [2010.03.04 06:23:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat [2010.03.03 03:36:40 | 000,408,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\E-Zine 2010-02.pdf [2010.03.03 02:56:30 | 000,000,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\xobni_installer_updater.log [2010.02.15 02:12:31 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\PageFour.lnk [2010.02.15 02:09:45 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\XMind.lnk [2010.02.13 14:50:28 | 000,000,687 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iPhone Explorer.lnk [2009.12.23 13:07:48 | 000,077,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.12.22 13:29:28 | 000,001,085 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Desktop\Dessau.lnk [2009.11.25 
13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.11.15 14:30:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009.10.14 18:50:02 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2009.10.14 18:44:19 | 000,007,103 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2009.09.28 08:36:09 | 000,000,128 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.ldb [2009.09.28 08:29:18 | 011,915,264 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2009.09.21 20:28:42 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.06.25 09:32:56 | 000,000,211 | ---- | C] () -- C:\WINDOWS\{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}.ini [2009.06.25 09:32:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}.ini [2009.06.07 14:12:21 | 006,418,628 | ---- | C] () -- C:\Programme\Enigma_by_Kaelri.zip [2009.06.05 09:25:53 | 000,863,643 | ---- | C] () -- C:\Programme\Lookout128.zip [2009.03.16 15:53:16 | 000,079,506 | ---- | C] () -- C:\Programme\outlookattachview.zip [2009.03.03 14:41:48 | 000,017,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys [2009.01.31 18:53:02 | 000,056,918 | ---- | C] () -- C:\Programme\licensecrawler.zip [2009.01.16 15:56:46 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\MPEG4Evfw.dll [2009.01.09 19:42:07 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2008.11.27 21:51:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PTSPEECH.INI [2008.11.27 21:51:26 | 000,000,014 | ---- | C] () -- C:\WINDOWS\LangIDlib.INI [2008.11.27 21:51:26 | 000,000,014 | ---- | C] () -- C:\WINDOWS\DICTEDIT.INI [2008.11.27 21:51:24 | 000,001,098 | ---- | C] () -- C:\WINDOWS\tm.ini [2008.11.27 21:51:22 | 000,000,720 | ---- | C] () -- C:\WINDOWS\PTP2002G.INI [2008.11.26 14:05:51 | 000,037,888 | ---- | C] 
() -- C:\WINDOWS\System32\setupnt.dll [2008.11.25 12:49:44 | 003,312,472 | ---- | C] () -- C:\Programme\HSS-1.10-install-anchorfree-76-conduit.exe [2008.11.15 23:39:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.11.15 18:40:49 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008.11.15 18:39:17 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2008.11.15 18:38:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2008.11.15 18:35:07 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008.11.12 11:35:48 | 000,000,046 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\DonationCoder_desktopcoral_InstallInfo.dat [2008.11.10 19:45:17 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.11.09 12:29:28 | 000,232,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.09 00:13:51 | 088,070,069 | ---- | C] () -- C:\Programme\setup_vmc_9_3_3_10523.exe [2008.11.08 23:07:17 | 000,507,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\wanancsp.dat [2008.11.08 21:56:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.08 21:55:21 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Roadkicker\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.09.20 00:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.09.20 00:40:41 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2008.09.20 00:34:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.09.20 00:34:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.09.20 00:34:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.09.20 00:34:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.09.20 00:34:02 
| 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.09.20 00:34:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008.09.20 00:33:12 | 002,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008.09.20 00:29:57 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008.09.20 00:29:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll [2008.09.20 00:26:33 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.02.19 08:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2007.11.01 16:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.11.01 16:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.09.05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.01.26 19:09:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 19.10.2010 18:59:27 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\Roadkicker\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,64 Gb Total Space | 5,76 Gb Free Space | 10,35% Space Free | Partition Type: NTFS

Computer Name: LENOVO-83F55030 | User Name: Roadkicker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\SwiApiMux.exe" = C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found "C:\Programme\PPMate\ppmate.exe" = C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found "C:\Programme\PPMate\ppmnet.exe" = C:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware) 
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware) "C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator -- (Crawler.com) "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Programme\Macromedia\Contribute 2\Contribute.exe" = C:\Programme\Macromedia\Contribute 2\Contribute.exe:*:Enabled:Contribute -- (Macromedia, Inc.) "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe:*:Disabled:Renaissance Wireless Server 1.7.5 -- () "C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- () "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0CB53B08-451D-4674-810A-B2CAC1DD8912}" = SmartLoad VXA "{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21 "{2A4A057A-4460-4B53-A718-5D83507DFFFD}" = DeskNotes 2.2.1 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{30FA0039-6CB1-46FF-B339-EA06F5F503B2}" = Neo's SafeKeys 2008 "{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN "{3C3A1CF5-A2A0-4D80-8808-609C87FB33FE}_is1" = Bildschutz Pro 3.01 "{415DB050-CAF2-4E66-91EE-5B4BFDFC3475}" = Macromedia Flash Paper "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für 
aktiven Festplattenschutz "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1 "{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE "{59F6A514-9813-47A3-948C-8A155460CC2A}" = Integrated Camera Driver Ver.1.1.500.0 "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer "{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}" = Iconix® eMail ID for Microsoft® Outlook "{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76D3276F-1A6C-43F6-AEE6-AF37340F3726}" = Toodledo Sync Application "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{7B4174E8-FE92-4269-808A-3B8D116D9538}" = Advanced Security for Outlook "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3 "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.991 "{8307E187-8E4F-41F2-988A-B838BCCDA11C}" = Tunebite "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{872ADF4E-8F51-41B7-8553-ACD5771BCC90}_is1" = AnyBizSoft PDF to Word (Build 2.5.3) "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU 
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ONENOTER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ONENOTER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ONENOTER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ONENOTER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft 
Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ONENOTER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ONENOTER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}" = Duden Korrektor PLUS "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007 "{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95AA1C96-8FAD-4475-A706-C9899866D01A}" = ResophNotes "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 
CRT (x86) WinSXS MSM "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4 "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2 "{B21E2646-3AC8-47F6-B3B9-77CCDC499C45}" = ACDSee 7.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0A88AB8-DB02-42C8-B55A-F29019AE829C}" = OutlookTools 2 "{C1D62274-F150-4A93-8A13-71E42B34EDFE}" = Macromedia Contribute 2 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4 "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.76 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CD2C8B6B-CBBF-48AF-8FC8-DF3B474AFD48}" = Mobile Broadband Connect "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF14C10E-2380-47F4-99CB-BEB1A86A9494}" = AlphaSmart Manager 2 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D2A6CB42-8327-4167-AB04-F4A15658F2BF}" = Sierra Wireless HSDPA MiniCard "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F5730A89-7A25-43FC-9A88-12BAF24121F8}" = calibre "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 
2009 "Audacity_is1" = Audacity 1.2.6 "avast5" = avast! Free Antivirus "CCleaner" = CCleaner "Dexpot" = Dexpot 1.4 "Doc Scrubber_is1" = Doc Scrubber v1.1 "DVD Shrink_is1" = DVD Shrink 3.2 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Everything" = Everything 1.2.1.371 "Executor_is1" = Executor v0.98b "FeedDemon_is1" = FeedDemon "File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only) "Flickr Uploadr" = Flickr Uploadr 3.2.1 "foobar2000" = foobar2000 v1.0.3 "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Video Converter" = Free Video Converter "Handbrake" = Handbrake 0.9.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HotspotShield" = Hotspot Shield 1.49 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Ilium Software eWallet_is1" = eWallet 7.0 "InFlac" = InFlac 1.1.1 "InstallShield_{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}" = Iconix® eMail ID for Microsoft® Outlook "InstallShield_{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}" = Duden Korrektor PLUS "InstallShield_{CF14C10E-2380-47F4-99CB-BEB1A86A9494}" = AlphaSmart Manager 2 "InterActual Player" = InterActual Player "iperUpload" = iperUpload "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.06 Beta "Lenovo Registration" = Lenovo Registration "Liquid Story Binder XE_is1" = Liquid Story Binder XE 4.71 "MAGIX Fotos auf CD & DVD 9 deluxe Download-Version D" = MAGIX Fotos auf CD & DVD 9 deluxe Download-Version 9.0.0.19 (D) "MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.2.10 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "MediaMonkey_is1" = MediaMonkey 3.2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
"Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ONENOTER" = Microsoft Office OneNote 2007 "OnScreenDisplay" = Anzeige am Bildschirm "OUTLOOKR" = Microsoft Office Outlook 2007 "PageFour_is1" = PageFour 1.70 "PCMCIAPW" = ThinkPad PC Card Power Policy "PDFCreator Toolbar" = PDFCreator Toolbar "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PrtScr_is1" = PrtScr 1.5 "Q10" = Q10 Editor "Rainmeter" = Rainmeter (remove only) "Revo Uninstaller" = Revo Uninstaller 1.75 "RocketDock_is1" = RocketDock 1.3.5 "Serious Samurize" = Serious Samurize "SopCast" = SopCast 3.2.4 "Speed Read" = Speed Read "Spyware Terminator_is1" = Spyware Terminator "Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TrueImage" = Acronis*TrueImage "TVUPlayer" = TVUPlayer 2.5.2.2 "Ultra DVD Ripper_is1" = Ultra DVD Ripper 2.3.0802 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 0.9.4 "VV_Outloud_En_US" = IBM ViaVoice Outloud Runtime - US English "VV_Outloud_Gr_GR" = IBM ViaVoice Outloud Runtime - Deutsch "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMCSetup" = Windows Media Connect "XMind" = XMind "xplorer2l" = xplorer² lite "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Action(s)" = Action(s) "Dropbox" = Dropbox "QUICKMEDIACONVERTER" = Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 25.12.2009 10:44:03 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 25.12.2009 10:44:03 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 25.12.2009 10:44:03 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 25.12.2009 10:44:03 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 25.12.2009 10:44:03 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 05:44:24 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 05:44:25 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 05:44:25 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 05:44:25 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 05:44:25 | Computer Name = LENOVO-83F55030 | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 19.10.2010 03:44:21 | Computer Name = LENOVO-83F55030 | Source = Windows Search Service | ID = 7040 Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben. Details: Die Inhaltsindex-Metadaten können nicht gelesen werden. (0xc0041801) Error - 19.10.2010 03:44:21 | Computer Name = LENOVO-83F55030 | Source = Windows Search Service | ID = 1006 Description = Fehler beim Erstellen des SystemIndex-Suchindex durch den Windows-Suchdienst. 
Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects>. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 488 Description = SearchIndexer (2204) Versuch, Datei "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu erstellen, ist mit Systemfehler 80 (0x00000050): "Die Datei ist vorhanden. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Erstellen von Dateien. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 486 Description = SearchIndexer (2204) Versuch, Datei "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\res2.log" nach "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu verschieben, ist mit Systemfehler 183 (0x000000b7): "Eine Datei kann nicht erstellt werden, wenn sie bereits vorhanden ist. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Verschieben von Dateien. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 428 Description = SearchIndexer (2204) Das Datenbankmodul kann keine Aktualisierungen akzeptieren, weil die Festplatte, auf der sich die Protokolldatei der Datenbank befindet, über zu wenig freien Speicherplatz verfügt . Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 486 Description = SearchIndexer (2204) Versuch, Datei "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\res1.log" nach "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu verschieben, ist mit Systemfehler 183 (0x000000b7): "Eine Datei kann nicht erstellt werden, wenn sie bereits vorhanden ist. " fehlgeschlagen. 
Fehler -1022 (0xfffffc02) beim Verschieben von Dateien. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 429 Description = Windows (2204) Windows: Die Protokollfestplatte des Datenbankmoduls ist voll. Das Löschen von Protokolldateien, um Speicherplatz freizugeben, kann das Starten der Datenbank unmöglich machen, wenn die Datenbankdateien inkonsistent sind. Nummerierte Protokolldateien können nur dann verschoben (nicht jedoch gelöscht) werden, wenn die Datenbankdateien konsistent sind. Verschieben Sie MSS.log nicht. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 413 Description = SearchIndexer (2204) Neue Protokolldatei konnte nicht erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1022. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = ESENT | ID = 454 Description = SearchIndexer (2204) Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1022 auf. Error - 19.10.2010 03:54:28 | Computer Name = LENOVO-83F55030 | Source = Windows Search Service | ID = 9000 Description = Der Jet-Eigenschaftenspeicher kann vom Windows-Suchdienst nicht geöffnet werden. Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) [ OSession Events ] Error - 10.03.2010 02:11:39 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 14.03.2010 07:54:55 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.03.2010 08:22:07 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.03.2010 14:27:45 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.03.2010 15:04:50 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.03.2010 13:09:11 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 23.03.2010 03:27:47 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.06.2010 03:34:26 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.06.2010 03:37:24 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.06.2010 03:37:34 | Computer Name = LENOVO-83F55030 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 19.10.2010 11:31:28 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 11:41:05 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). 
Error - 19.10.2010 11:51:21 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:01:40 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:11:45 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:22:05 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:32:22 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:42:53 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 12:52:50 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 19.10.2010 13:03:02 | Computer Name = LENOVO-83F55030 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). < End of report > |
19.10.2010, 20:31 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RUBotted reports an infection - protection programs find nothing in scans Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{67b43176-b18c-11de-81c6-00a0d5ffff85}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{8d579f8a-e558-11de-8261-00215c523b23}\Shell\AutoRun\command - "" = D:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
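Added example (not part of the thread and not OTL's own code): a Python triage of the O33 MountPoints2 lines from the fix script in this post, separating AutoRun commands whose target is reported as missing from ones that would still need a look before removal. The last sample line and the names `parse_o33` and `triage` are constructed for illustration; treating every entry without the "File not found" suffix as needing review is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# O33 lines copied from the fix script in this thread. The last line is a
# constructed entry (not from the thread) whose target is not reported missing.
SAMPLE = r'''
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{168561a3-e005-11dd-8045-00a0d5ffff85}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{67b43176-b18c-11de-81c6-00a0d5ffff85}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{8d579f8a-e558-11de-8261-00215c523b23}\Shell\AutoRun\command - "" = D:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\example_tool.exe
'''

# mount  : volume GUID in braces or a single drive letter
# subkey : "Shell", optionally followed by \<verb> and \command
# status : whatever follows " -- " (here only "File not found" is known)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>\{[0-9A-Fa-f-]+\}|[A-Za-z])'
    r'\\(?P<subkey>Shell(?:\\.+?)?) - "(?P<name>[^"]*)" = '
    r'(?P<data>.*?)(?: -- (?P<status>.*))?$'
)


@dataclass
class O33Entry:
    mount: str
    subkey: str
    data: str
    status: Optional[str]

    @property
    def is_command(self) -> bool:
        # Only ...\<verb>\command values name a program that would be launched.
        return self.subkey.lower().endswith("\\command")

    @property
    def verb(self) -> str:
        # Shell verb, e.g. "AutoRun" in Shell\AutoRun\command.
        parts = self.subkey.split("\\")
        return parts[1] if len(parts) > 1 else ""


def parse_o33(text: str) -> list:
    """Return an O33Entry for every line that matches the O33 layout."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(O33Entry(m["mount"], m["subkey"], m["data"], m["status"]))
    return entries


def triage(entries: list) -> dict:
    """Group command entries per mount point.

    'stale'  : target reported as "File not found", a leftover handler
    'review' : target not reported missing, inspect the file before removing
    """
    report = defaultdict(lambda: {"stale": [], "review": []})
    for e in entries:
        if not e.is_command:
            continue
        bucket = "stale" if e.status == "File not found" else "review"
        report[e.mount][bucket].append((e.verb, e.data))
    return dict(report)


if __name__ == "__main__":
    for mount, buckets in triage(parse_o33(SAMPLE)).items():
        for bucket, items in buckets.items():
            for verb, target in items:
                print(f"{bucket:6} {mount:40} {verb:16} {target}")
```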
19.10.2010, 23:19 | #9 |
| RUBotted reports an infection - protection programs find nothing in scans Done. This is what happened: as soon as I pressed the fix button, a large pop-up window with red text appeared very briefly at the bottom right of the screen, obviously a warning, but it disappeared again so quickly that I could not read what it said. Then the following message from OTL appeared in the middle of the screen: "cannot create file c:\\windows\sys32\diverses\etc\Hosts" All desktop icons disappeared. After I had clicked the message away, there was a line at the very bottom of the OTL window: "resetting Hosts file. don not interrupt." But then nothing more happened at all. After a long wait I closed the OTL window and restarted the system. The first thing that came up was the following OTL log file: Files\Folders moved on Reboot... C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. Registry entries deleted on Reboot... The second thing, however, was the usual RUBotted window message... |
19.10.2010, 23:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RUBotted reports an infection - protection programs find nothing in scans Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
20.10.2010, 08:15 | #11 |
| RUBotted reports an infection - protection programs find nothing in scans Done. This is what happened: CCleaner: everything without problems. cofi: first the message "error". Then: "the application could not be initialized because the workstation is currently shutting down". The computer switched itself off. On booting, an endless number of message windows like this: "the file or directory c:\\dokumente und einstellungen\xx\anwendungsdaten\apple computer\itunes\itunesprefs.xml is corrupt and unreadable. please run CHKDSK." Most of the windows referred to Firefox. Then: "does not have the Microsoft Recovery Console" plus the question whether it should now be installed (declined). Then: a line in the blue text editor: "do not start any other programs before ComboFix has finished" -- but then all the autostart applications came up one after another, I assume. cofi then tested a great many stages and at the end produced this log file: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-19.02 - Roadkicker 20.10.2010 8:50.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2006.1393 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Roadkicker\Desktop\Cofi.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\PriceGong c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\PriceGong\Data\mru.xml C:\test.txt c:\windows\ST6UNST.000 . ((((((((((((((((((((((( Dateien erstellt von 2010-09-20 bis 2010-10-20 )))))))))))))))))))))))))))))) . 2010-10-19 21:53 . 2010-10-19 21:53 -------- d-----w- C:\_OTL 2010-10-19 13:23 . 2010-10-07 23:21 6146896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{0B35F4E7-A60F-4E20-A220-3A0660F4FFD5}\mpengine.dll 2010-10-19 10:17 . 2010-10-19 10:17 -------- d-----w- c:\programme\iPod 2010-10-19 10:16 . 2010-10-19 10:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-10-19 10:10 . 2010-10-19 10:10 -------- d-----w- c:\programme\Bonjour 2010-10-15 05:59 . 2010-10-16 08:56 -------- d-----w- c:\dokumente und einstellungen\Roadkicker\Calibre Bibliothek 2010-10-15 05:59 . 2010-10-15 21:09 -------- d-----w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\calibre 2010-10-15 05:57 . 2010-10-15 05:58 -------- d-----w- c:\programme\Calibre2 2010-10-15 05:56 . 2010-10-15 05:57 31166976 ----a-w- c:\programme\calibre-0.7.23.msi 2010-10-15 05:34 . 
2010-10-15 05:34 -------- d-----w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\app.jbbres.com 2010-10-14 19:59 . 2010-10-14 19:59 -------- d-----w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Mobipocket Reader 2010-10-14 19:51 . 2010-10-14 19:51 -------- d-----w- c:\programme\Mobipocket.com 2010-10-14 19:51 . 2010-10-14 19:51 -------- d-----w- c:\programme\Gemeinsame Dateien\Mobipocket Shared 2010-10-14 19:48 . 2010-10-14 19:50 10606592 ----a-w- c:\programme\creator.msi 2010-10-14 04:08 . 2010-09-18 06:52 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2010-10-14 04:08 . 2010-09-18 06:52 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-14 04:08 . 2010-09-18 06:52 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-14 04:08 . 2010-08-23 16:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2010-10-12 20:49 . 2010-10-12 20:49 -------- d-----w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\eMule 2010-10-12 20:48 . 2010-10-14 14:54 -------- d-----w- c:\programme\eMule 2010-10-09 15:26 . 2010-10-09 15:26 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\McAfee 2010-10-06 16:17 . 2010-10-20 06:27 3430224 ----a-w- c:\programme\ccsetup236.exe 2010-10-06 06:36 . 2010-10-06 06:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee 2010-10-06 06:36 . 2010-10-06 06:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee Security Scan 2010-10-06 06:35 . 2010-10-09 15:26 -------- d-----w- c:\programme\McAfee Security Scan . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616] "SpywareTerminatorUpdate"="c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-21 3055616] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896] "TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-02-13 66928] "TpShocks"="TpShocks.exe" [2007-11-22 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-26 243248] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-12-11 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-07 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-07 162328] 
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-07 137752] "AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2007-12-05 487424] "TMRUBottedTray"="c:\programme\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088] "Everything"="c:\programme\Everything\Everything.exe" [2009-03-13 602624] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] "Prey Laptop Tracker"="c:\prey\cron.exe" [2009-10-20 216552] "MSSE"="c:\programme\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096] c:\dokumente und einstellungen\Roadkicker\Startmen\Programme\Autostart\ DeskNotes.lnk - c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Microsoft\Installer\{2A4A057A-4460-4B53-A718-5D83507DFFFD}\_B454330C7AFE569ABD2195.exe [2010-8-12 209254] Dropbox.lnk - c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Renaissance Wireless Server.lnk - c:\windows\Installer\{CF14C10E-2380-47F4-99CB-BEB1A86A9494}\_C167998F9359606FC11225.exe [2010-4-1 22486] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 
2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ----a-w- c:\programme\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2007-12-14 07:36 28672 ----a-w- c:\programme\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Office-Bibliothek-Direktsuche.lnk backup=c:\windows\pss\Office-Bibliothek-Direktsuche.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Outlook on the Desktop.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Outlook on the Desktop.lnk backup=c:\windows\pss\Outlook on the Desktop.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] 2008-02-18 16:34 425984 -c--a-w- c:\programme\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] 2008-02-18 16:30 126976 -c--a-w- c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-10 23:43 67488 -c--a-w- c:\programme\Adobe\Photoshop Elements 6.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2007-11-05 20:34 741376 ------w- c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2007-10-30 14:05 77824 ------w- c:\programme\Brother\ControlCenter3\BrCtrCen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-10-11 18:01 46368 -c--a-w- c:\programme\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 00:10 421160 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker] 2008-01-10 17:21 124248 -c--a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2008-01-10 17:21 144728 -c--a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2010-07-20 15:21 323280 ----a-w- c:\programme\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-10-11 18:03 29984 
-c--a-w- c:\programme\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-08-31 08:01 328992 -c--a-w- c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] 2007-12-05 15:32 487424 ----a-w- c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager] 2010-09-01 13:52 66112 ----a-w- c:\programme\NOS\bin\getPlus_Helper_3004.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanliteconnect] 2008-03-06 18:07 405504 ----a-w- c:\programme\Lenovo\Mobile Broadband Connect\Wananc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Programme\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= "c:\\Programme\\SopCast\\adv\\SopAdver.exe"= "c:\\Programme\\SopCast\\SopCast.exe"= "c:\\Programme\\Macromedia\\Contribute 2\\Contribute.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\Dokumente und Einstellungen\\All 
Users\\Anwendungsdaten\\Renaissance Wireless Server\\Renaissance Wireless Server.exe"= "c:\\Dokumente und Einstellungen\\Roadkicker\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\TVUPlayer\\TVUPlayer.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\eMule\\emule.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08.11.2008 18:57 165584] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21.09.2009 20:28 142592] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [05.12.2007 16:42 46656] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08.11.2008 18:57 17744] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [06.05.2009 19:53 1220608] R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS [?] 
R2 IconixOutlookUpdaterService;Iconix Outlook Addin Updater Service;c:\programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe [22.06.2009 14:31 214288] R2 RUBotted;Trend Micro RUBotted Service;c:\programme\Trend Micro\RUBotted\TMRUBotted.exe [18.12.2008 19:11 582992] R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 15:46 10896] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [05.12.2007 17:17 520192] R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875x86.sys [20.09.2008 00:28 71552] R3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);c:\windows\system32\drivers\swumx01.sys [12.01.2007 10:29 70656] R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [18.12.2008 19:11 206608] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 14:59 30336] S?2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.03.2010 00:27 135664] S?2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [05.12.2007 16:42 249856] S2 AsUsbDrvXp;AsUsbDrvXp;c:\windows\system32\drivers\AsUsbDrvXP.sys [03.03.2009 14:41 17936] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?] 
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [27.01.2006 03:01 14336] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [28.09.2009 08:29 99176] S3 SWNC8U01;Sierra Wireless MUX NDIS Driver (UMTS01);c:\windows\system32\drivers\SWNC8U01.sys [12.01.2007 13:26 102144] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [09.01.2009 19:42 18432] S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [18.12.2008 19:11 206608] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 19:45 639224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-10-20 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job - c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54] 2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-08 22:27] 2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-08 22:27] 2010-10-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\programme\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40] 2010-10-20 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-19 16:30] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = <local>;*.local uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Evernote - c:\programme\Evernote\Evernote3\enbar.dll/2000 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php? FF - component: c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll FF - plugin: c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Mozilla\Firefox\Profiles\hminwzw0.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\programme\Veetle\Player\npvlc.dll FF - plugin: 
c:\programme\Veetle\plugins\npVeetle.dll FF - plugin: c:\programme\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - Notify-ACNotify - ACNotify.dll MSConfigStartUp-cssauth - c:\programme\Lenovo\Client Security Solution\cssauth.exe MSConfigStartUp-MobileConnect - c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1184) c:\windows\system32\vrlogon.dll c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\psqlpwd.dll c:\programme\ThinkVantage Fingerprint Software\homefus2.dll c:\programme\ThinkVantage Fingerprint Software\infra.dll c:\programme\ThinkVantage Fingerprint Software\homepass.dll c:\programme\ThinkVantage Fingerprint Software\bio.dll c:\programme\ThinkVantage Fingerprint Software\ps2css.dll c:\programme\ThinkVantage Fingerprint Software\remote.dll c:\programme\Lenovo\HOTKEY\tphklock.dll c:\programme\ThinkVantage Fingerprint Software\pscssint.dll c:\programme\ThinkVantage Fingerprint Software\crypto.dll - - - - - - - > 'lsass.exe'(1260) c:\windows\system32\psqlpwd.dll c:\programme\ThinkVantage Fingerprint Software\homefus2.dll c:\programme\ThinkVantage Fingerprint Software\infra.dll - - - - - - - 
> 'explorer.exe'(3052) c:\programme\RocketDock\RocketDock.dll c:\dokumente und einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\BTNEIG~1.DLL c:\windows\system32\wbtapi.dll c:\windows\system32\btwpimif.dll c:\windows\system32\btosif.dll c:\windows\system32\btrez.dll c:\windows\system32\btwicons.dll c:\windows\system32\BtXpPanel.Dll c:\windows\system32\netprovcredman.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\programme\Microsoft Security Essentials\MsMpEng.exe c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\programme\Intel\Wireless\Bin\S24EvMon.exe c:\programme\Alwil Software\Avast5\AvastSvc.exe c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Intel\Wireless\Bin\EvtEng.exe c:\programme\Pure Digital Technologies\FlipShare\FlipShareService.exe c:\programme\Hotspot Shield\bin\openvpnas.exe c:\programme\Hotspot Shield\HssWPR\hsssrv.exe c:\programme\Hotspot Shield\bin\hsswd.exe c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Intel\Wireless\Bin\RegSrvc.exe c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\programme\lenovo\system update\suservice.exe c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe c:\windows\System32\TPHDEXLG.exe c:\programme\Lenovo\Rescue and Recovery\rrservice.exe c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\wdfmgr.exe c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\TpShocks.exe c:\windows\system32\igfxsrvc.exe c:\programme\Lenovo\HOTKEY\TPONSCR.exe c:\programme\Lenovo\Zoom\TpScrex.exe c:\dokumente und einstellungen\All 
Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe c:\programme\DeskNotes 2.2.1\DeskNotes.exe c:\programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe c:\programme\DeskTask\DeskTask.exe c:\windows\system32\wbem\unsecapp.exe c:\programme\iPod\bin\iPodService.exe c:\programme\Hotspot Shield\bin\openvpntray.exe c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-10-20 09:01:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-10-20 07:01 Vor Suchlauf: 7.412.310.016 Bytes frei Nach Suchlauf: 7.468.343.296 Bytes frei - - End Of File - - FF4033C996219477394ABBE5CBAB2E1E |
20.10.2010, 11:46 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | RUBotted reports infection - protection programs find nothing during scan Quote:
__________________ Please always post logfiles in CODE tags |
20.10.2010, 12:49 | #13 |
| RUBotted reports infection - protection programs find nothing during scan Oh. And I had even written it down. Can I still do that now? |
20.10.2010, 14:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RUBotted reports infection - protection programs find nothing during scan That can be done afterwards; it may come up again later if we really do need them. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
20.10.2010, 14:47 | #15 |
| RUBotted reports infection - protection programs find nothing during scan OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:41:22 on 20.10.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.10 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\MSNTBUP.EXE "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information) "MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BrnStiCp.cpl" - "Brother Industries,Ltd." - C:\WINDOWS\system32\BrnStiCp.cpl "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl "QuickTime" - "Apple Inc." 
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl "Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys "Acronis TrueImage Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS "Anchorfree HSS Adapter" (taphss) - "AnchorFree Inc" - C:\WINDOWS\System32\DRIVERS\taphss.sys "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys "APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys "AsUsbDrvXp" (AsUsbDrvXp) - ? - C:\WINDOWS\System32\DRIVERS\AsUsbDrvXP.sys (File found, but it contains no detailed information) "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "catchme" (catchme) - ? - C:\DOKUME~1\ROADKI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Hotspot Shield Helper Miniport" (HssDrv) - "AnchorFree Inc." 
- C:\WINDOWS\System32\DRIVERS\HssDrv.sys "IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys (File found, but it contains no detailed information) "IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\ROADKI~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - ? - C:\WINDOWS\system32\NSNDIS5.SYS (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys "Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys "SMI Helper Driver (smihlp)" (smihlp) - "UPEK Inc." - C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys "Spyware Terminator Driver 2" (sp_rsdrv2) - ? - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys "SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\WINDOWS\System32\drivers\SynasUSB.sys "TAP VPN Adapter" (tapvpn) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapvpn.sys "TPPWRIF" (TPPWRIF) - ? 
- C:\WINDOWS\System32\drivers\Tppwrif.sys (File found, but it contains no detailed information) "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys "tvtumon" (tvtumon) - "Lenovo" - C:\WINDOWS\System32\DRIVERS\tvtumon.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\WINDOWS\System32\drivers\massfilter.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? 
- C:\Programme\PixiePack Codec Pack\InstallerHelper.exe {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." 
- C:\WINDOWS\system32\BTNEIG~1.DLL {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - "Crawler.com" - C:\Programme\Spyware Terminator\sptcontmenu.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll <binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll <binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} "Add to Evernote" - "Evernote Corporation" - C:\Programme\Evernote\Evernote3\enbar.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll <binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." - C:\WINDOWS\system32\psqlpwd.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "Renaissance Wireless Server.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "DeskNotes.lnk" - "MB" - C:\Programme\DeskNotes 2.2.1\DeskNotes.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\desktop.ini "Dropbox.lnk" - ? - C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Stardock ObjectDock.lnk" - ? 
- C:\Dokumente und Einstellungen\Roadkicker\Startmenü\Programme\Autostart\Stardock ObjectDock.lnk (Shortcut exists | File not found) "Toodledo Sync Tool.lnk" - "Chromatic Dragon" - C:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe (Shortcut exists | File exists) "Verknüpfung mit DeskTask.lnk" - "Carthago Software" - C:\Programme\DeskTask\DeskTask.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) "SpywareTerminatorUpdate" - "Crawler.com" - "C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AMSG" - "LENOVO" - C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup "avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog (File found, but it contains no detailed information) "Everything" - ? - "C:\Programme\Everything\Everything.exe" -startup "EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "MSSE" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide -runkey "Prey Laptop Tracker" - ? - c:\Prey\cron.exe --log "PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "TMRUBottedTray" - ? - "C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe" "TPHOTKEY" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe "TpShocks" - "Lenovo." 
- TpShocks.exe "TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe "Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "avast! iAVS4 Control Service" (aswUpdSv) - ? - "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe" (File not found) "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! 
Web Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "FlipShare Service" (FlipShare Service) - ? - C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Hotspot Shield Helper Service" (HssSrv) - ? - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe "Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Programme\Hotspot Shield\bin\hsswd.exe (File found, but it contains no detailed information) "Hotspot Shield Service" (HotspotShieldService) - ? - C:\Programme\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information) "Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE (File found, but it contains no detailed information) "Iconix Outlook Addin Updater Service" (IconixOutlookUpdaterService) - "Iconix Inc." 
- C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." 
- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Essentials\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe "System Update" (SUService) - "Lenovo Group Limited" - c:\programme\lenovo\system update\suservice.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe "Trend Micro RUBotted Service" (RUBotted) - ? - C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe "TVT Backup Protection Service" (TVT Backup Protection Service) - ? 
- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe "TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe "TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe "TVT Windows Update Monitor" (TVT_UpdateMonitor) - "Lenovo Group Limited" - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - "UPEK Inc." - C:\WINDOWS\system32\vrlogon.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "psfus" - "UPEK Inc." - C:\WINDOWS\system32\psqlpwd.dll "tpfnf2" - ? - C:\Programme\Lenovo\HOTKEY\notifyf2.dll (File found, but it contains no detailed information) "tphotkey" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\tphklock.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Programme\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 163):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E5000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 isapnp.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9F48000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9F22000 dmio.sys 0xBA330000 PartMgr.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA0C8000 VolSnap.sys 0xB9F0A000 atapi.sys 0xB9E42000 iaStor.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9E22000 fltmgr.sys 0xB9E10000 sr.sys 0xBA0F8000 PxHelp20.sys 0xB9DF9000 KSecDD.sys 0xB9D6C000 Ntfs.sys 0xB9D3F000 NDIS.sys 0xB9D0B000 timntr.sys 0xBA338000 ApsHM86.sys 0xB9CF6000 snapman.sys 0xB9CDA000 Apsx86.sys 0xB9CC0000 Mup.sys 0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB86CC000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xB86B8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB8677000 \SystemRoot\system32\DRIVERS\e1e5132.sys 0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB8653000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB862B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB8408000 \SystemRoot\system32\DRIVERS\NETw4x32.sys 0xBA298000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA408000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB83DE000
\SystemRoot\system32\DRIVERS\Apfiltr.sys 0xBA2A8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xB8362000 \SystemRoot\System32\Drivers\wdf01000.sys 0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA400000 \SystemRoot\system32\DRIVERS\atmeltpm.sys 0xB9C84000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xB9C80000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys 0xBA2B8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA430000 \SystemRoot\system32\drivers\iviaspi.sys 0xBA2C8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB833F000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xB826E000 \SystemRoot\system32\DRIVERS\btkrnl.sys 0xBA2E8000 \SystemRoot\system32\drivers\tbhsd.sys 0xB824A000 \SystemRoot\system32\drivers\portcls.sys 0xBA2F8000 \SystemRoot\system32\drivers\drmk.sys 0xBA763000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA308000 \SystemRoot\system32\DRIVERS\HssDrv.sys 0xBA318000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB8C64000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB8233000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA128000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA138000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA460000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB8222000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA148000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA158000 \SystemRoot\system32\DRIVERS\tapvpn.sys 0xBA358000 \SystemRoot\system32\DRIVERS\taphss.sys 0xB8152000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA168000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA3A8000 \SystemRoot\system32\DRIVERS\psadd.sys 0xBA3B8000 \SystemRoot\system32\DRIVERS\Tvti2c.sys 0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB80F4000 \SystemRoot\system32\DRIVERS\update.sys 0xB9C4B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB80C3000 \SystemRoot\system32\DRIVERS\TMPassthru.sys 
0xBA1A8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA1C8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5FE000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xA7F4E000 \SystemRoot\system32\drivers\ADIHdAud.sys 0xA7F0E000 \SystemRoot\system32\drivers\AEAudio.sys 0xB9C9C000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xA7EEB000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\tvtumon.sys 0xBA61A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7F3000 \SystemRoot\System32\Drivers\Null.SYS 0xBA61E000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA3B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA3C8000 \SystemRoot\System32\drivers\vga.sys 0xBA622000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA3E8000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB8C70000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA7EB8000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA7E5F000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xBA208000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xA7E11000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA7DE9000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBA218000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA7DC7000 \SystemRoot\System32\drivers\afd.sys 0xBA228000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA448000 \SystemRoot\System32\drivers\Tppwrif.sys 0xBA468000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys 0xA7CE4000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 0xA7CB9000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA7C49000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA630000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys 0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS 0xA7C22000 \SystemRoot\System32\Drivers\aswSP.SYS 0xA7F32000 \SystemRoot\System32\drivers\ANC.SYS 0xBA378000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xB8212000 \SystemRoot\System32\Drivers\tcusb.sys 0xA7BE8000 \SystemRoot\system32\DRIVERS\swumx01.sys 0xA7BD6000 \SystemRoot\system32\DRIVERS\5U875x86.sys 0xB8202000 
\SystemRoot\system32\DRIVERS\STREAM.SYS 0xB81F2000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBA370000 \SystemRoot\System32\Drivers\Modem.SYS 0xA7B0E000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xB9C98000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA3F0000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA742000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04E000 \SystemRoot\System32\igxpdv32.DLL 0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA7C1A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xBA188000 \SystemRoot\system32\DRIVERS\tvtfilter.sys 0xBA418000 \SystemRoot\system32\DRIVERS\tifsfilt.sys 0xBA636000 \??\C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys 0xBA498000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xA78A0000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xB8182000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xA7982000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA79D2000 \SystemRoot\system32\DRIVERS\s24trans.sys 0xA7659000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xA75C1000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xA73D9000 \SystemRoot\system32\DRIVERS\nwrdr.sys 0xA73AC000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA72F1000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys 0xBA5C2000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys 0xA6CBF000 \SystemRoot\system32\DRIVERS\srv.sys 0xA64FB000 \SystemRoot\system32\drivers\wdmaud.sys 0xA6618000 \SystemRoot\system32\drivers\sysaudio.sys 0xA43FB000 \??\C:\DOKUME~1\ROADKI~1\LOKALE~1\Temp\mbr.sys 0xA40BE000 \SystemRoot\System32\Drivers\HTTP.sys 0xA7858000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xBA650000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA6A6F000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA3C9F000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 
\WINDOWS\system32\ntdll.dll Processes (total 85): 0 System Idle Process 4 System 900 C:\WINDOWS\system32\smss.exe 1160 csrss.exe 1184 C:\WINDOWS\system32\winlogon.exe 1228 C:\WINDOWS\system32\services.exe 1260 C:\WINDOWS\system32\lsass.exe 1452 C:\WINDOWS\system32\ibmpmsvc.exe 1488 C:\WINDOWS\system32\svchost.exe 1564 svchost.exe 1816 C:\Programme\Microsoft Security Essentials\MsMpEng.exe 1856 C:\WINDOWS\system32\svchost.exe 1884 C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe 500 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 744 svchost.exe 916 svchost.exe 1808 C:\Programme\Alwil Software\Avast5\AvastSvc.exe 1460 C:\WINDOWS\system32\spoolsv.exe 1656 svchost.exe 1100 C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe 1296 C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 1684 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1704 C:\Programme\Bonjour\mDNSResponder.exe 1956 C:\Programme\Intel\Wireless\Bin\EvtEng.exe 656 C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe 1012 C:\Programme\Pure Digital Technologies\FlipShare\FlipShareService.exe 2052 C:\Programme\Hotspot Shield\bin\openvpnas.exe 2116 C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe 2288 C:\Programme\Hotspot Shield\bin\hsswd.exe 2356 C:\Programme\Iconix eMailID\OutlookClient\IconixOutlookUpdaterService.exe 2424 C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe 2440 C:\Programme\Java\jre6\bin\jqs.exe 2484 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 2844 C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe 3784 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 3800 C:\WINDOWS\system32\svchost.exe 3828 C:\Programme\Lenovo\System Update\SUService.exe 4044 C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe 612 C:\WINDOWS\system32\TPHDEXLG.exe 676 C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe 1092 C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe 2124 
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe 2196 wdfmgr.exe 2300 C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe 2328 wmiprvse.exe 2520 C:\WINDOWS\system32\rundll32.exe 3324 C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe 2456 C:\WINDOWS\system32\TpShocks.exe 2688 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE 3520 C:\Programme\Analog Devices\Core\smax4pnp.exe 2784 C:\WINDOWS\system32\igfxtray.exe 2868 C:\WINDOWS\system32\hkcmd.exe 3724 C:\WINDOWS\system32\igfxpers.exe 696 C:\Programme\ThinkVantage\AMSG\Amsg.exe 3044 C:\WINDOWS\system32\igfxsrvc.exe 3144 C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe 3252 C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe 3636 C:\Programme\Everything\Everything.exe 3656 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe 3700 C:\Prey\cron.exe 3652 C:\Programme\Microsoft Security Essentials\msseces.exe 3952 C:\Programme\iTunes\iTunesHelper.exe 3960 C:\Programme\RocketDock\RocketDock.exe 3980 C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe 1708 C:\Programme\Lenovo\HOTKEY\TPONSCR.exe 464 C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe 2532 C:\Programme\Lenovo\ZOOM\TpScrex.exe 2596 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Renaissance Wireless Server\Renaissance Wireless Server.exe 2940 C:\Programme\DeskNotes 2.2.1\DeskNotes.exe 3080 C:\Dokumente und Einstellungen\Roadkicker\Anwendungsdaten\Dropbox\bin\Dropbox.exe 2136 C:\Programme\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe 1356 C:\Programme\DeskTask\DeskTask.exe 4128 C:\WINDOWS\system32\ctfmon.exe 5956 unsecapp.exe 4612 C:\Programme\iPod\bin\iPodService.exe 5572 alg.exe 4528 C:\Programme\Hotspot Shield\bin\openvpntray.exe 4404 C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe 3052 C:\WINDOWS\explorer.exe 4884 C:\Programme\Mozilla Firefox\firefox.exe 4152 C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE 2404 C:\Programme\FeedDemon\FeedDemon.exe 284 C:\Programme\Evernote\Evernote3\Evernote.exe 3348 
C:\Programme\Evernote\Evernote3\EvernoteTray.exe
3976 C:\Dokumente und Einstellungen\Roadkicker\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGMCCOE64G8MPP-0VA, Rev: PS105L16

Size   Device Name          MBR Status
--------------------------------------------
59 GB  \\.\PhysicalDrive0   Unknown MBR code
       SHA1: 52819666D6D79462C9624733C0082C566F986D78

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!