|
Log-Analyse und Auswertung: Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.12.2010, 14:40 | #1 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Hallo liebe Community, ich habe einen permanenten ca. sekündlichen Festplattenzugriff zu beklagen bei meinem Windows Vista 32bit Betriebssystem. Google spuckte das Problem öfter aus, aber das Deaktivieren aller möglichen Dienste (Wsearch; Fetch***) hat mir nicht geholfen. Das Ganze stört so extrem, da ich keine online games spielen kann. Ich habe ständige Ping Peaks. Normal ist er bei ca 25 aber durch den Festplattenzugriff (??) springt der Pings im 2-5 sek Takt auf 200. Das Ganze ist mittlerweise in 3 verschiedenen WLAN Areas aufgetreten, am Inet oder Anbieter kann es somit nicht liegen. Virenscan hat nichts ergeben. Der Process Explorer von Microsoft zeigte mir vieles an, aber nichts womit ich was anfangen kann. Daher nun meine Anfrage hier. Habe ein HijackThis logfile im anhang, zudem Malwarebytes prog im quickscan durchgeführt und diese Logfiles davon im Anhang. Danke für jede Hilfe schonmal. €: Habe nun gesehen, dass ein Vollscan mehr helfen könnte und dann noch OTL durchgeführt. Hier die Logs:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.12.2010 14:42:04 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\SouLy\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,65 Gb Total Space | 10,08 Gb Free Space | 4,55% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,56% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,12% Space Free | Partition Type: NTFS Computer Name: SOULYSORC | User Name: SouLy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1795EC50-1131-4117-BB09-1DB5B225E03F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{18E9638A-C85C-4F2A-950E-99A2091E3C1E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{19C57FD0-4D1E-4993-98A2-9EDB03EC4F84}" = lport=2869 | protocol=6 | dir=in | app=system | "{1B9A1D6C-CFC4-48DA-BBDA-5CD334BA012C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{1C82BC39-3F48-4574-946B-6D756D8E0298}" = rport=10243 | protocol=6 | dir=out | app=system | "{1FB71AD9-DCAC-4650-84B5-F2198E342657}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23F222DB-4C7E-47C6-A381-BA44589C3CB5}" = lport=445 | protocol=6 | dir=in | app=system | "{46F71168-D302-4DBF-97BC-69F8C550BF44}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{48590428-0518-42B1-ABB2-84B7E7628F6E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4FFA39B2-2697-45D3-A4C9-5F4FF1835FB9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{53594ED3-1370-460E-878F-223CA6AD13CD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5DCC5BD7-30AC-4F63-8882-DAFCF11AC4BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E82EA57-7B11-4399-90B9-22C843E21586}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{618F6B2B-8F5C-46EA-AACA-2F77662C62B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{666ED141-583F-45CD-8BCD-93952A0DE338}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6F121B8B-0664-436A-A7FA-F175E23FAF39}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7779E118-117C-4B18-AD34-7BF910E7C7F1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{7902AED2-C5C0-403D-BB37-289CC5641FED}" = lport=10243 | protocol=6 | dir=in | app=system | "{8892EE33-6516-4226-AA9E-481FBF9E237D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8AD00333-6B76-4B99-8F1A-9A97E6A48C52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{950DD133-D719-4AFC-8B59-281310F5FE25}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9747FC55-CEB2-4A14-94A0-06ED23024415}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9B9E2929-19AF-4DA6-B8C4-80D32BD0D5FB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{9FDD4E8D-656B-4F3C-8386-FF1790BA998D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FE8DF80-CA8B-4F03-B79E-BA0C1A6CB3BD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A32024BC-10CA-43D8-A289-BC9097303002}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A5EE91CF-8E43-4AC3-844B-F690039C96E4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A6F30A94-CB9B-4248-89B9-319343197FBC}" = rport=138 | protocol=17 | dir=out | app=system | "{A9682A0A-2368-48B7-9B1E-56D8407F11CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ADF246D3-F8CC-48AD-A6FF-8064D3E9C302}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF45F15F-9E3D-4C58-91E3-517C8253747E}" = rport=137 | protocol=17 | dir=out | app=system | "{AFD8C588-8140-4546-9F24-E774DB0FF06B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B46FF2EC-3332-43B3-B13C-E7585361A04F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C103A4C1-031F-4E44-A5B7-9CF2190C1797}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C256CCCE-1D61-4B42-A5F0-4F0376C719C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C776D29D-92DC-4912-8665-9347DCFD6433}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C8E182AF-EBB3-4128-9BCD-88B5C8E9931A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{C907EDC7-97EC-4FE2-A17A-ACB75E22E7FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CB93EAB6-72A9-4996-8165-0D3930E2AD3D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CBB180E2-ED8A-4056-9EC9-7878B6ED6CAB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{CF96F711-C855-4133-8569-F79AEAD7FBE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D4D6E020-3E06-4317-A3CC-4DC8100CBD2A}" = rport=139 | protocol=6 | dir=out | app=system | "{D5C6E132-0ABD-4C19-8DF5-0C04DEA837BB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{D742F3C6-B8F5-42AF-89D8-EE07B2CAAF0D}" = lport=137 | protocol=17 | dir=in | app=system | "{D7D47A32-BDCF-4B92-8F2A-4F15DEBFA44E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D8AFF09A-BF52-4449-9EB4-6B9A88CB4E01}" = lport=138 | protocol=17 | dir=in | app=system | "{DA12B497-D463-4D83-9C14-4572D1479095}" = rport=445 | protocol=6 | dir=out | app=system | "{DAB3CEE0-9AD5-4608-9567-D3AC344A2F23}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E3C27FC1-B2B8-472E-84C9-9E68AE29226B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EE9819C2-8639-48FF-BB3D-26E0A0338703}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EECA66C5-72F6-4A37-BC4D-18506ADBFCA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F71A1772-FE9E-4898-A9AF-7DE3EF0DCCA7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F995987C-A610-4949-BD35-C6782004F8DD}" = lport=139 | protocol=6 | dir=in | app=system | "{FEB11F75-D542-469C-B422-FFBA28DCD499}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002C70A5-0784-4295-90B9-2F9F01A5FC19}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{01F0935F-5D23-40BE-9112-69145CE4DF66}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0BDD2EEE-E7A5-43F6-9172-FCB5147668E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0F8789D6-348D-4EC3-A953-31406B371442}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{141E20EB-DF69-4CA0-A50F-A9CE9BFCCC78}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe | "{14EB9C89-C7D5-4909-A6B3-62081E84AE94}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{15447309-A05A-4409-BFE2-AA38E941A5A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{184EA800-06A7-4E84-A2E1-80F0F0FEF8AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23CD577C-5B1B-4ED4-A3F3-92EA34F77E01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{266E6DD2-B726-4F86-A9E9-2ECC894E5D49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{29287775-3AAE-42F5-ACCF-EEDDDD9CAC6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2B6B82E2-33C2-46F0-8011-1AA8B5D0E18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3002E910-617A-41D2-BCD4-02DE3DB6937E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{32A9B0C0-3328-4EF2-99F5-45725AF79396}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{35D30050-750E-4965-89F1-BD25F7D7E8EB}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | "{366CC22E-4C59-4A16-B133-350A8D76B838}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{37A7DF64-36A3-4D8C-AD12-425BD33F50A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{37F9A80E-AB14-4FB6-80BB-83042FB330D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3E406A99-38A7-4DD1-82F4-31D2ABA3E16F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{484ED170-FA3A-4297-AB43-21EB6A932152}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4F19E599-7EDF-4693-9E59-3B38EF41D04C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{50609DF7-A855-4AEF-BB94-6946A62D194B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5836142F-A31A-4DB8-9E77-8242EA0253FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5ADCA79D-A19C-4214-86F4-630D56E950A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69E03895-847B-4CBA-AD44-ADC38928F45D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6AF16503-2C43-4E72-871B-2B97E9A9F4ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7E7F0DA6-E922-4B5E-AA59-2EB34D93FE98}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{801DD450-3B48-4427-A631-3D26075C6F7D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{82C3ED57-F017-448D-97E1-E5F09F95361A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{859CF748-4058-4C8D-8863-58171D5BFABE}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | "{862C63FA-9F96-4C9C-B6A3-D6EF307D4C04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B268B36-89C9-48DD-B39A-0117431B6ECF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8FBCA2D0-640A-470E-9310-BBF9BE183020}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{92D58357-BF43-49C2-A176-2F17B1432634}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97B239B6-EE97-4098-93D9-54711711E023}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{98DFD67D-6E16-4554-B18E-6872B5830CA5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{9A8F83F3-AFAC-499C-A9C5-120826A86823}" = protocol=6 | dir=out | app=system | "{A4FA6836-92B7-4C59-8148-77AE4EA1AC9F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A5DDFDAD-807D-4277-8AD4-145F60F17651}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AA63BF07-5669-4285-8090-B3A036A89BF8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AECD6FD9-8CB1-4FED-A24B-206B803EBE2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AFEF601E-7CD0-47EE-8B81-0A9040FC6CD5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B1DFC0DE-9C98-42BA-8538-367010BBE5CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B5F23A77-E202-41EF-AE02-CB5849DDD47B}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | "{B668FE29-B602-434C-B041-88AC3298BBDE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B66A2CE9-A4C2-46A4-B1A3-C8D1FE0FB803}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B8AFBC9C-D294-45BA-AF6E-7DD742F93407}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B91D1BE4-C5EC-4230-AA2A-B62A96C2FF71}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B99E26D6-396A-4D44-9234-DA91C18E087C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BA2FA64E-7D00-4EF8-AF28-43DCAAE9541B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BC8FD9B5-2553-4322-B1E6-97044C7C4E92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BCA6E49A-CCE4-497E-80F7-6B35EC836831}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C177D883-E560-4568-9A49-B6BA92F6109D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe | "{C65B51B0-EF0B-43AD-A3C6-C813137F7C9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CB5578BB-F950-4D36-AADF-EB5005925490}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CC7E319A-2B6E-4EBF-8871-9CD47DD864E8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CCE0BAA8-AA50-4B08-BBCC-4AFDF1BD5C59}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D1F823B6-BA90-40B7-9562-9EF78943292F}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | "{DCE6F26F-A682-494E-BB08-266518DA443F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{DEB56DCE-E744-4E4E-B335-AFCF9E243656}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DED960DE-CDFF-4166-835A-C43AA81606D4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{EAC499B9-5CB8-439D-A58F-EC6006656ED3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EE46F230-6ECF-4105-B8D8-79461DAE42D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F10C946A-C743-4677-B22B-035718DB5C29}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F3BD1010-363D-4B0A-90FB-3CDAFB07CDD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF374705-BEF7-4400-8EE3-B7A6F6058818}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0A298B9E-5F7D-47DA-8C4A-C72E40E87E10}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{11C93C16-B62D-49D9-BD9E-258088EDA425}C:\program files\flat out\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\flat out\flatout2.exe | "TCP Query User{177F7D68-47C4-4778-A296-A17598A7BA8F}C:\ut\system\ut2003.exe" = protocol=6 | dir=in | app=c:\ut\system\ut2003.exe | "TCP Query User{23FF17B2-BCCD-4DF0-B7A0-988BCC63EFDC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{2C3BFB17-67F6-40C2-B9F8-E45C65DA3002}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{2EEE7853-A318-420A-AC6D-527AC7D1843E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{2EEE9451-DB73-497A-B901-AB4829C61982}C:\sierra\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=c:\sierra\counter-strike\cstrike.exe | "TCP Query User{2FC8B355-5F56-4D6E-A2BF-A0D4E0731CCA}C:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe" = protocol=6 | dir=in | app=c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe | "TCP Query User{3D0B945E-9563-4897-91E7-B5A60908A0EC}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | "TCP Query User{45A6A42E-4025-40DD-ABEE-62525790A370}C:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe | "TCP Query User{4725E7D3-262F-42EA-B26D-32C273B093E0}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{4DE8CADE-AE71-413F-BB0C-691160CD1218}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "TCP Query User{53473742-2E27-462D-8F81-25C5CFC5D00A}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "TCP Query User{56C42D75-D24B-4155-99B9-16068C816483}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5823C092-1428-41F6-A7AD-B46F2B75E1F8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{78E87C5F-AC79-4ECF-A7F2-87037638B4ED}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "TCP Query User{7AC3E2F4-1637-4787-81E2-DBD7A68F04DD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{96B3666A-7B54-4F89-8741-CFB5CDEBEF8C}C:\program files\the ship\the ship\ship.exe" = protocol=6 | dir=in | app=c:\program files\the ship\the ship\ship.exe | "TCP Query User{A603B789-E708-4D3E-A58F-A7563E781A66}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{AE1CDFD8-6D0B-477A-BD0F-2438937E03ED}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{B2EEE755-F51C-416C-9390-9286C40FE880}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{C0C03308-62E5-4B23-906F-B28D8032DF02}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{D6754C92-A213-4FEF-BC81-BD4657AF4208}C:\program files\cs 1.6 (patch)\hl.exe" = protocol=6 | dir=in | app=c:\program files\cs 1.6 (patch)\hl.exe | "TCP Query User{DC533369-35FA-4326-9DE6-1434FB441970}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{03E3FAE6-2EDD-4645-9A0A-EB9066899DED}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{1FC890D8-AE43-44AD-926C-29F05BC6DFD3}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{38E25209-25E2-451B-8895-F0EEAF8D42C1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{39BB9E9E-4DF4-4E86-BF76-3A3EEBF4F529}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{414F18A3-299B-4112-AEE0-3A3794A4D2B5}C:\program files\the ship\the ship\ship.exe" = protocol=17 | dir=in | app=c:\program files\the ship\the ship\ship.exe | "UDP Query User{436A2801-8076-4A2C-98F2-CD5FB8051EEB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{5498AE08-9AB9-4F7B-9C09-480851C48246}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{5AE6E9CE-2B11-4496-933A-4E2427A649EA}C:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe" = protocol=17 | dir=in | app=c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe | "UDP Query User{5D1A3D02-E3B8-456B-BF15-DCC49C07D508}C:\program files\flat out\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\flat out\flatout2.exe | "UDP Query User{612BCA1F-2613-4123-9FEC-F32D85645424}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{6C6C69DA-0813-4E31-9AB5-B0C8C4CD5719}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{7256CAE4-E813-4688-A5B0-F2DDE9E98C75}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{7F6BF3BA-03C2-48F0-9210-4CCD9372AEA7}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{92784CC8-1882-4049-B57E-4F286A193AC4}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{97372139-E8C2-4A7E-B685-C1B98432FD16}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{A39237CD-0174-4A0E-AB3E-03820B5253EF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "UDP Query User{B33BDE52-FDA5-4944-A015-FB41B0524FDB}C:\program files\cs 1.6 (patch)\hl.exe" = protocol=17 | dir=in | app=c:\program files\cs 1.6 (patch)\hl.exe | "UDP Query User{B5F5F818-B26D-4600-88AC-0DB919E76073}C:\ut\system\ut2003.exe" = protocol=17 | dir=in | app=c:\ut\system\ut2003.exe | "UDP Query User{BBD7A580-613F-4DC0-8B3B-25F6EA7503A3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{C0183796-C45C-465B-A547-9A00D5395DFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{C6BF03EA-AE19-4970-A6E2-94701CB866E8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D54D68AF-9FBE-4BA0-9CD5-C5602B3B3E3C}C:\sierra\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=c:\sierra\counter-strike\cstrike.exe | "UDP Query User{E6768AC9-8635-4C76-A7EE-F1F13C8DFA1B}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{EDB1C76F-5388-4280-B538-1535D2ECA407}C:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\soulslasha@gmx.de\counter-strike\hl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4700 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package "{061A431C-86E7-4DB4-92B8-36DE783865CF}" = Integrated Camera "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{11bfac10-b260-45a1-8453-ae662b66f71a}" = Nero 9 Trial "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1A3696A0-31B9-4D2F-A5B6-FF6DD56BDE9D}_is1" = MyMenu 1.3 "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22ED657C-942A-4B73-A3A3-595740CE44B1}" = Tunebite "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}" = Mobile Broadband Connect "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista "{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 "{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.0 "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor "{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CECB23C-F4BC-4FDA-A306-E544A216176A}" = ThinkVantage Status Gadget "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8 "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "1&1 Upload-Manager" = 1&1 Upload-Manager "414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Counter-Strike: Source v17" = Counter-Strike: Source v17 "Dartuoso" = Dartuoso "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Scanner" = EPSON Scan "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Chrome" = Google Chrome "Half-Life: Counter-Strike" = Half-Life: Counter-Strike "HLSW_is1" = HLSW v1.3.0 "Lenovo Registration" = Lenovo Registration "Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3 "LENOVO.SMIIF" = Lenovo System Interface Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Essentials" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver for SL Series "ProInst" = Intel PROSet Wireless "SopCast" = SopCast 3.0.3 "Starcraft" = Starcraft "Steam" = Steam "Steam App 130" = Half-Life: Blue Shift "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "SynTPDeinstKey" = ThinkPad UltraNav Driver "SystemRequirementsLab" = System Requirements Lab "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TomTom HOME" = TomTom HOME "Uninstall_is1" = Uninstall 1.0.0.1 "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VLC media player" = VLC media player 1.0.5 "Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice "ff3052b039fbeb03" = DigitalPrintLab3 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > und OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.12.2010 14:42:04 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\SouLy\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,65 Gb Total Space | 10,08 Gb Free Space | 4,55% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,56% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,12% Space Free | Partition Type: NTFS Computer Name: SOULYSORC | User Name: SouLy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\SouLy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Programme\HLSW\hlsw.exe (Stripf Software) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) PRC - c:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - c:\Programme\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ATK Hotkey\LControl.exe (ATK0101) PRC - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () PRC - C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\SouLy\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LFKAS) -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () SRV - (ASLDRService) -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBSTK.sys () DRV - (ui11rdr) -- C:\Windows\System32\drivers\ui11rdr.SYS (1&1 Internet AG) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys () DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:02:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 19:04:50 | 000,000,000 | ---D | M] [2008.10.19 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Extensions [2008.10.19 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.12.12 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions [2010.05.14 18:46:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.05 19:33:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.02 18:37:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.12.19 00:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll [2010.10.11 12:56:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.11 12:56:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.11 12:56:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.11 12:56:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.11 12:56:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found O33 - MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\Shell\Open\command - "" = D:\resycled\boot.com -- File not found O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell - "" = AutoRun O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.29 23:37:58 | 000,180,224 | -HS- | M] () O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 17:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.12 14:29:55 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\Malwarebytes [2010.12.12 14:29:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.12 14:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.12 14:29:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.12 14:29:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.12 13:12:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.12.11 19:22:09 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2010.12.11 19:06:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2010.12.11 19:04:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.12.11 19:04:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.12.11 19:04:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.12.11 19:04:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.12.11 19:04:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.12.11 19:04:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.12.11 19:04:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.12.11 19:04:38 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.12.11 19:04:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.12.11 19:04:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.12.11 19:04:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.12.11 19:04:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.12.11 19:04:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.12.11 19:04:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.12.11 19:04:30 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.12.11 19:04:30 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.12.11 19:03:44 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll [2010.12.11 17:48:30 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\SouLy\Desktop\procexp.exe [2010.12.11 15:23:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.12.11 15:21:22 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\Sunbelt Software [2010.12.11 15:17:50 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.12.11 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.12.11 15:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.12.11 15:09:07 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\Uniblue [2010.12.11 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\PackageAware [2010.12.11 15:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.12.10 15:16:15 | 000,000,000 | ---D | C] -- C:\Users\SouLy\Desktop\Gutscheine [2010.11.28 19:01:45 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.11.28 19:01:44 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.11.26 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\Unity [2010.11.21 16:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Camera Device [2010.11.21 11:06:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.11.21 11:06:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.11.17 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\DivX [2010.11.17 19:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX ========== Files - Modified Within 30 Days ========== [2010.12.12 14:35:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{517A91EB-6947-4E13-B08D-60B0079DE088}.job [2010.12.12 14:29:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 14:11:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.12 14:05:23 | 000,689,222 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.12 14:05:23 | 000,645,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.12 14:05:23 | 000,150,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.12 14:05:23 | 000,122,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.12 14:02:32 | 000,235,507 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.12.12 14:01:37 | 000,235,507 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.12.12 14:01:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.12 14:00:15 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 14:00:14 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 14:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.12 14:00:03 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys [2010.12.12 13:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.12.11 19:22:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.11 19:22:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.11 19:19:45 | 000,380,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.11 19:16:04 | 000,000,256 | ---- | M] () -- C:\Windows\wininit.ini [2010.12.11 18:34:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.12.11 18:15:42 | 000,000,194 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html [2010.12.11 16:16:20 | 000,361,728 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe [2010.12.11 15:23:23 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.12.10 17:18:04 | 000,000,680 | ---- | M] () -- C:\Users\SouLy\AppData\Local\d3d9caps.dat [2010.12.10 17:16:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.12.09 22:12:50 | 000,154,624 | ---- | M] () -- C:\Users\SouLy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.09 18:10:38 | 000,053,521 | ---- | M] () -- C:\Users\SouLy\Documents\wirelesskeyview.zip [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.28 19:02:41 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.22 11:35:13 | 000,047,616 | ---- | M] () -- C:\Users\SouLy\Desktop\Wolters_20101117.doc [2010.11.22 11:07:54 | 000,048,128 | ---- | M] () -- C:\Users\SouLy\Desktop\Jurgeleit_20101117.doc [2010.11.22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\SouLy\Desktop\procexp.exe [2010.11.21 12:46:39 | 000,054,501 | ---- | M] () -- C:\Users\SouLy\Desktop\Fifa 11 - Spezialbewegungen.pdf [2010.11.21 11:29:50 | 000,039,283 | ---- | M] () -- C:\Users\SouLy\Documents\Rechnung.August.Detlef.pdf [2010.11.18 15:15:25 | 000,053,760 | ---- | M] () -- C:\Users\SouLy\Desktop\Erker_20101117.doc ========== Files Created - No Company Name ========== [2010.12.12 14:29:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 14:00:03 | 3220,492,288 | -HS- | C] () -- C:\hiberfil.sys [2010.12.12 13:12:28 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.12.11 19:22:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.11 19:22:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.11 19:22:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.12.11 19:04:32 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.12.11 19:04:32 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.12.11 19:04:32 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.12.11 17:48:30 | 000,072,268 | ---- | C] () -- C:\Users\SouLy\Desktop\procexp.chm [2010.12.10 17:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.12.09 18:10:35 | 000,053,521 | ---- | C] () -- C:\Users\SouLy\Documents\wirelesskeyview.zip [2010.11.28 19:02:41 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.22 11:08:26 | 000,047,616 | ---- | C] () -- C:\Users\SouLy\Desktop\Wolters_20101117.doc [2010.11.21 12:46:39 | 000,054,501 | ---- | C] () -- C:\Users\SouLy\Desktop\Fifa 11 - Spezialbewegungen.pdf [2010.11.21 11:29:50 | 000,039,283 | ---- | C] () -- C:\Users\SouLy\Documents\Rechnung.August.Detlef.pdf [2010.11.18 15:17:11 | 000,048,128 | ---- | C] () -- C:\Users\SouLy\Desktop\Jurgeleit_20101117.doc [2010.11.18 14:45:09 | 000,053,760 | ---- | C] () -- C:\Users\SouLy\Desktop\Erker_20101117.doc [2010.09.12 22:13:27 | 000,017,408 | ---- | C] () -- C:\Users\SouLy\AppData\Local\WebpageIcons.db [2010.08.02 17:26:25 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.09.25 18:53:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.13 18:39:40 | 000,000,952 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.04.25 23:54:41 | 000,000,760 | ---- | C] () -- C:\Users\SouLy\AppData\Roaming\setup_ldm.iss [2009.04.02 15:42:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.11 09:45:12 | 000,000,680 | ---- | C] () -- C:\Users\SouLy\AppData\Local\d3d9caps.dat [2008.11.20 14:30:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.11.20 14:20:10 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800G.ini [2008.11.16 17:25:31 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt [2008.11.10 17:17:23 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.28 21:54:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.10.15 18:08:14 | 000,154,624 | ---- | C] () -- C:\Users\SouLy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.29 12:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.08.28 22:25:27 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS [2008.08.28 22:25:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AABATT.dll [2008.08.28 22:21:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.08.28 22:21:18 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.08.28 22:21:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.08.28 22:21:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.08.28 22:21:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.08.28 22:21:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.08.28 22:18:56 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini [2008.08.28 22:11:14 | 000,235,507 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.08.28 22:11:12 | 000,235,507 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.08.28 22:06:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.08.28 22:04:11 | 000,522,256 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK1.sys [2008.08.28 22:04:11 | 000,299,920 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK0.sys [2008.08.28 22:04:11 | 000,173,584 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK.sys [2008.08.28 22:04:11 | 000,145,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK2.sys [2008.08.28 22:04:11 | 000,025,616 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK3.sys [2008.06.09 22:30:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2007.12.03 10:46:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f [2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Geändert von SouLySoRc (12.12.2010 um 15:38 Uhr) |
13.12.2010, 11:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
13.12.2010, 16:18 | #3 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Leider keine Ergebnisse:
__________________Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5299 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 12.12.2010 17:12:26 mbam-log-2010-12-12 (17-12-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 377475 Laufzeit: 2 Stunde(n), 13 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Zudem auch Microsoft Security Essentials ohne Ergebnis. 76 Prozesse laufen auf diesem Rechner und ich kann sie nicht wirklich zuordnen. Zudem ist mir aufgefallen, dass wenn ich zB auf einen Server connecte (bzgl Ping) auf dem keiner drauf ist kaum Ping Peaks sind. Sind allerdings einige Spieler auf dem Server so springt der Ping dauerhaft.. Was kann ich sonst noch tun ?? |
13.12.2010, 22:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found O33 - MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\Shell\Open\command - "" = D:\resycled\boot.com -- File not found O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell - "" = AutoRun O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.29 23:37:58 | 000,180,224 | -HS- | M] () O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 17:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
14.12.2010, 16:24 | #5 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich All processes killed ========== OTL ========== Service SessionLauncher stopped successfully! Service SessionLauncher deleted successfully! File C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found not found. Service RoxLiveShare10 stopped successfully! Service RoxLiveShare10 deleted successfully! File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found not found. C:\autoexec.bat moved successfully. Q:\AUTORUN.INF moved successfully. S:\AUTORUN.INF moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\ not found. File D:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\ not found. File D:\resycled\boot.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found. S:\LenovoSDrive.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found. Q:\LenovoQDrive.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da065477-9dc6-11dd-ad75-001fe2e523b3}\ not found. File F:\InstallTomTomHOME.exe not found. ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: SouLy ->Temp folder emptied: 1312802 bytes ->Temporary Internet Files folder emptied: 2958226 bytes ->Java cache emptied: 43234571 bytes ->FireFox cache emptied: 79726566 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 4401 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 740779 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 122,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12142010_161858 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Ich muss zu meiner Schande gestehen, dass ich einige Progz deinstalliert habe seitdem und nen RegCleaner habe laufen lassen. Sorry 8[ Hoffe das Ergebnis trübt sich nicht dadurch. |
14.12.2010, 16:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich |
14.12.2010, 21:42 | #7 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Combofix Logfile: Code:
ATTFilter ComboFix 10-12-14.01 - SouLy 14.12.2010 21:21:55.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3070.2091 [GMT 1:00] ausgeführt von:: c:\users\SouLy\Desktop\cofi.exe.exe AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Thumbs.db . ((((((((((((((((((((((( Dateien erstellt von 2010-11-14 bis 2010-12-14 )))))))))))))))))))))))))))))) . 2010-12-14 20:31 . 2010-12-14 20:34 -------- d-----w- c:\users\SouLy\AppData\Local\temp 2010-12-14 15:18 . 2010-12-14 15:18 -------- d-----w- C:\_OTL 2010-12-14 15:16 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7CD49C3-9C02-4AE1-8EF9-AE6E128512B6}\mpengine.dll 2010-12-13 16:14 . 2010-12-13 16:14 -------- d-----w- c:\users\SouLy\AppData\Local\Microsoft_Corporation 2010-12-12 19:06 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-12-12 14:45 . 2010-12-12 14:45 -------- d-----w- c:\program files\CCleaner 2010-12-12 14:43 . 2010-12-14 16:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-12 14:43 . 2010-12-12 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\users\SouLy\AppData\Roaming\Malwarebytes 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\programdata\Malwarebytes 2010-12-12 13:29 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-12 13:29 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-12 12:12 . 2010-12-12 12:12 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-12-11 18:22 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2010-12-11 18:22 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2010-12-11 18:03 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll 2010-12-11 14:23 . 2010-12-11 14:23 98392 ------w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-11 14:21 . 2010-12-11 14:21 -------- d-----w- c:\users\SouLy\AppData\Local\Sunbelt Software 2010-12-11 14:17 . 2010-12-11 18:08 -------- d-----w- c:\programdata\Lavasoft 2010-12-11 14:17 . 2010-12-11 14:17 -------- d-----w- c:\program files\Lavasoft 2010-12-11 14:09 . 2010-12-11 14:09 -------- d-----w- c:\users\SouLy\AppData\Roaming\Uniblue 2010-12-11 14:08 . 2010-12-11 14:08 -------- d-----w- c:\users\SouLy\AppData\Local\PackageAware 2010-12-11 14:01 . 2010-12-11 17:47 -------- d-----w- c:\programdata\SecTaskMan 2010-12-10 14:23 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E734315-80A5-471C-80E0-FD16B3B39970}\mpengine.dll 2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\iPod 2010-11-28 18:01 . 2010-11-28 18:02 -------- d-----w- c:\program files\iTunes 2010-11-26 14:40 . 2010-12-11 14:11 -------- d-----w- c:\users\SouLy\AppData\Local\Unity 2010-11-24 08:39 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-21 15:18 . 2010-11-21 15:18 -------- d-----w- c:\programdata\PC Camera Device 2010-11-21 10:06 . 2010-11-21 10:06 -------- d-----w- c:\program files\Common Files\Skype 2010-11-21 10:06 . 2010-11-21 10:06 -------- d-----r- c:\program files\Skype 2010-11-17 18:58 . 2010-11-20 01:45 -------- d-----w- c:\users\SouLy\AppData\Roaming\DivX 2010-11-17 18:51 . 2010-12-11 16:31 -------- d-----w- c:\programdata\DivX . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-11 15:16 . 2009-04-13 12:40 361728 ------w- c:\windows\system32\TuneUpDefragService.exe 2010-10-19 20:51 . 2009-10-10 18:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-28 14:44 . 2010-09-28 14:44 41984 ------w- c:\windows\system32\drivers\usbaapl.sys 2010-09-28 14:44 . 2010-09-28 14:44 4184352 ------w- c:\windows\system32\usbaaplrc.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-06-24 15:31 95496 ------w- c:\windows\System32\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] 2008-08-07 11:23 431392 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ------w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] 2008-10-27 01:37 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher] 2008-08-12 12:47 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] 2006-08-04 09:00 462336 ------w- c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] 2008-06-25 10:14 3077432 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] 2008-06-04 17:36 242976 ------w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2007-04-11 13:32 56080 ------w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker] 2008-06-08 18:00 124248 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2008-06-08 18:00 165208 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883840 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-06-19 18:03 13543968 ------w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-19 18:03 92704 ------w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV] 2008-10-27 01:37 632096 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-09 04:19 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-01-19 21:29 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] 2008-07-30 19:00 60192 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] 2008-06-06 16:21 181536 ------w- c:\windows\System32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] 2008-05-24 14:49 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2007-05-31 07:21 648072 ------w- c:\windows\WindowsMobile\wmdcBase.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "NapsterShell"=c:\program files\Napster\napster.exe /systray "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 gupdate1ca0936c2de0bd8;Google Update Service (gupdate1ca0936c2de0bd8);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 133104] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-02 691696] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-19 208896] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-10-27 66848] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-06-24 12560] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192] S3 DCamUSBGene;Integrated Camera;c:\windows\system32\DRIVERS\usbstk.sys [2008-07-31 173584] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-19 43040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 10:55 7680 ------w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 12:36] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 12:36] 2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{517A91EB-6947-4E13-B08D-60B0079DE088}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\SouLy\AppData\Roaming\Mozilla\Firefox\Profiles\48wf5y93.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-EPSON Stylus DX3800 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe MSConfigStartUp-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSConfigStartUp-TPHOTKEY - c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(4068) c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe c:\windows\system32\WLANExt.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe c:\program files\Lenovo\ATK Hotkey\LFKA.exe c:\windows\system32\conime.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-12-14 21:39:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-12-14 20:39 Vor Suchlauf: 16 Verzeichnis(se), 35.195.969.536 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 39.278.419.968 Bytes frei - - End Of File - - 54342B4E37A66C13AA0ACCC122E730C5 Danke schonmal Hoffe, es findet sich was :] |
15.12.2010, 11:51 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.12.2010, 19:38 | #9 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Text zu lang. Logfiles im Anhang. Siehst du denn schon was ? Danke für die Hilfe. OSAM OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:32:25 on 15.12.2010 OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\ThinkVantage Fingerprint Software\infopnl.cpl "wmdConn.cpl" - "Microsoft Corporation" - C:\Windows\WindowsMobile\wmdConn.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys "ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys "Bluetooth L2CAP Service" (btwl2cap) - ? - C:\Windows\System32\DRIVERS\btwl2cap.sys (File not found) "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "fxdiqpod" (fxdiqpod) - ? - C:\Users\SouLy\AppData\Local\Temp\fxdiqpod.sys (Hidden registry entry, rootkit activity | File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys "SMI Helper Driver (smihlp)" (smihlp) - "UPEK Inc." - C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "TPPWRIF" (TPPWRIF) - ? - C:\Windows\System32\drivers\Tppwr32v.sys (File signed by Microsoft | File found, but it contains no detailed information) "tvtfilter" (tvtfilter) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtfilter.sys "tvtumon" (tvtumon) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtumon.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found) <binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\SouLy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "MSSE" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON Stylus DX3800 Series 2KMonitor5E" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLMACE.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe "@%windir%\WindowsMobile\wcescomm.dll,-40079" (WcesComm) - "Microsoft Corporation" - C:\Windows\WindowsMobile\wcescomm.dll "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe "Access Connections Main Service" (AcSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe "ASLDR Service" (ASLDRService) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Service of LFKA" (LFKAS) - ? - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe "TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe "TVT Backup Protection Service" (TVT Backup Protection Service) - ? - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe "TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe "TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe "TVT Windows Update Monitor" (TVT_UpdateMonitor) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll "ScCertProp" - ? - wlnotify.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
15.12.2010, 19:39 | #10 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich GMER ist zu groß als txt für den Anhang und für das Posting auch (Der Text, den Sie eingegeben haben, besteht aus 435214 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 135120 Zeichen.) Soll ich es in 4 Teile splitten ? In Word ist es 485 KB groß, lediglich 112 Seiten... |
16.12.2010, 10:35 | #11 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich HAb die Datei nun mal geuploaded: hxxp://www.file-upload.net/download-3053093/GMER.txt.html HOffe das ist legitim? Wenn nicht bitte link löschen. |
16.12.2010, 15:31 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglichZitat:
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten. Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.12.2010, 12:45 | #13 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Ich habe eine Partition die laut systemmelsung zum Booten benötigt wird und nicht verändert werden darf. Zudem habe ich eine Partition auf der die werkseitogen Einstellungen gespeichert sind. Von der habe ich mir einst eine image erstellt. Quasi ne Recovery Partition. Beides war werkseitig vorhanden. Ich habe dem Grunde nach aber nur 1 OS, nämlich Vista. Demnach werde ich deine Anleitung mal durchfuhren??! |
17.12.2010, 13:36 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Ja bitte ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.12.2010, 16:33 | #15 |
| Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich Danke soweit schonmal. Habe alles wie angewiesen durchgeführt und beide Male von der Konsole die Bestätigung erhalten dass der Vorgang erfolgreich durchgeführt wurde. Und nun ? Das Ping Peak Problem besteht immer noch €dit: Auf manchen Servern sind die Peaks weniger stark ausgeprägt als auf anderen ist mir aufgefallen. Auf ganz wenigen Servern sind kaum Peaks. Sehr seltsam.. Geändert von SouLySoRc (18.12.2010 um 16:45 Uhr) |
Themen zu Ständiger Festplattenzugriff und Ping Peaks, Online Gaming nicht möglich |
adblock, alternate, anhang, corp./icp, counter-strike source, deaktivieren, dienste, document, excel.exe, explorer, festplatte, firefox.exe, frage, gfnexsrv.exe, gmx.de, google chrome, hijack, hijackthis, hijackthis logfile, iastor.sys, install.exe, lenovo, location, logfile, malwarebytes, microsoft, microsoft office 2003, microsoft office word, microsoft security, nicht möglich, nichts, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, online, online games, otl.exe, otl.txt, platte, plug-in, problem, process, programdata, saver, scan, sched.exe, searchplugins, shell32.dll, sierra, skype.exe, spiele, spielen, sptd.sys, ständiger, thinkvantage registry monitor service, vista, vista 32bit, vlc media player, windows, windows vista, wsearch, zugriff |