Log analysis and evaluation: Constant hard disk access and ping peaks, online gaming not possible

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Constant hard disk access and ping peaks, online gaming not possible

Hello dear community, I have to complain about a permanent hard disk access, roughly once per second, on my Windows Vista 32-bit operating system. Google turned up the problem several times, but disabling all sorts of services (Wsearch; Fetch***) did not help me. The whole thing is so extremely annoying because I cannot play any online games. I have constant ping peaks. Normally the ping is at about 25, but due to the hard disk access (??) it jumps to 200 every 2-5 seconds. The whole thing has by now occurred in 3 different WLAN areas, so it cannot be down to the internet connection or the provider. A virus scan found nothing. Microsoft's Process Explorer showed me a lot, but nothing I can make anything of. Hence my request here. I have attached a HijackThis log file, and I also ran the Malwarebytes program as a quick scan and attached those log files. Thanks in advance for any help.

Edit: I have now seen that a full scan could help more, and I then also ran OTL. Here are the logs:

OTL Logfile:
Code:
Redistributable "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation 
Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "1&1 Upload-Manager" = 1&1 Upload-Manager "414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Counter-Strike: Source v17" = Counter-Strike: Source v17 "Dartuoso" = Dartuoso "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "DivX Plus DirectShow Filters" = 
DivX Plus DirectShow Filters "EPSON Scanner" = EPSON Scan "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Chrome" = Google Chrome "Half-Life: Counter-Strike" = Half-Life: Counter-Strike "HLSW_is1" = HLSW v1.3.0 "Lenovo Registration" = Lenovo Registration "Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3 "LENOVO.SMIIF" = Lenovo System Interface Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Essentials" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver for SL Series "ProInst" = Intel PROSet Wireless "SopCast" = SopCast 3.0.3 "Starcraft" = Starcraft "Steam" = Steam "Steam App 130" = Half-Life: Blue Shift "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "SynTPDeinstKey" = ThinkPad UltraNav Driver "SystemRequirementsLab" = System Requirements Lab "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TomTom HOME" = TomTom HOME "Uninstall_is1" = Uninstall 1.0.0.1 "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VLC media player" = VLC media player 1.0.5 "Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" 
= WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice
"ff3052b039fbeb03" = DigitalPrintLab3

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

and OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 12.12.2010 14:42:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\SouLy\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,65 Gb Total Space | 10,08 Gb Free Space | 4,55% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,56% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,12% Space Free | Partition Type: NTFS

Computer Name: SOULYSORC | User Name: SouLy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SouLy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Programme\HLSW\hlsw.exe (Stripf Software)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) PRC - c:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - c:\Programme\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ATK Hotkey\LControl.exe (ATK0101) PRC - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () PRC - C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\SouLy\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) 
SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LFKAS) -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () SRV - (ASLDRService) -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (SCR3XX2K) -- 
C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBSTK.sys () DRV - (ui11rdr) -- C:\Windows\System32\drivers\ui11rdr.SYS (1&1 Internet AG) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) 
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys () DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:02:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 19:04:50 | 000,000,000 | ---D | M] [2008.10.19 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Extensions [2008.10.19 11:38:20 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.12.12 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions [2010.05.14 18:46:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.05 19:33:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SouLy\AppData\Roaming\mozilla\Firefox\Profiles\48wf5y93.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.02 18:37:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.12.19 00:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll [2010.10.11 12:56:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.11 12:56:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.11 12:56:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.11 12:56:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.11 12:56:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - 
C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... 
- {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft 
shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found O33 - MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\Shell\Open\command - "" = D:\resycled\boot.com -- File not found O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell - "" = AutoRun O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.29 23:37:58 | 000,180,224 | -HS- | M] () O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 17:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.12 14:29:55 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\Malwarebytes [2010.12.12 14:29:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.12 14:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.12 14:29:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.12 14:29:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.12 13:12:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.12.11 19:22:09 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2010.12.11 19:06:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2010.12.11 19:04:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.12.11 19:04:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.12.11 19:04:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.12.11 19:04:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.12.11 19:04:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.12.11 19:04:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.12.11 19:04:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.12.11 19:04:38 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.12.11 19:04:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.12.11 19:04:37 | 
000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.12.11 19:04:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.12.11 19:04:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.12.11 19:04:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.12.11 19:04:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.12.11 19:04:30 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.12.11 19:04:30 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.12.11 19:03:44 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll [2010.12.11 17:48:30 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\SouLy\Desktop\procexp.exe [2010.12.11 15:23:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.12.11 15:21:22 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\Sunbelt Software [2010.12.11 15:17:50 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.12.11 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.12.11 15:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.12.11 15:09:07 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\Uniblue [2010.12.11 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\PackageAware [2010.12.11 15:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.12.10 15:16:15 | 000,000,000 | ---D | C] -- C:\Users\SouLy\Desktop\Gutscheine [2010.11.28 19:01:45 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.11.28 19:01:44 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.11.26 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Local\Unity [2010.11.21 16:18:38 | 000,000,000 | 
---D | C] -- C:\ProgramData\PC Camera Device [2010.11.21 11:06:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.11.21 11:06:37 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.11.17 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\SouLy\AppData\Roaming\DivX [2010.11.17 19:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX ========== Files - Modified Within 30 Days ========== [2010.12.12 14:35:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{517A91EB-6947-4E13-B08D-60B0079DE088}.job [2010.12.12 14:29:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 14:11:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.12 14:05:23 | 000,689,222 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.12 14:05:23 | 000,645,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.12 14:05:23 | 000,150,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.12 14:05:23 | 000,122,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.12 14:02:32 | 000,235,507 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.12.12 14:01:37 | 000,235,507 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.12.12 14:01:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.12 14:00:15 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 14:00:14 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 14:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.12 14:00:03 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys [2010.12.12 13:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.12.11 19:22:36 | 000,000,000 | -H-- | M] () -- 
C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.11 19:22:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.11 19:19:45 | 000,380,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.11 19:16:04 | 000,000,256 | ---- | M] () -- C:\Windows\wininit.ini [2010.12.11 18:34:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.12.11 18:15:42 | 000,000,194 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html [2010.12.11 16:16:20 | 000,361,728 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe [2010.12.11 15:23:23 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.12.10 17:18:04 | 000,000,680 | ---- | M] () -- C:\Users\SouLy\AppData\Local\d3d9caps.dat [2010.12.10 17:16:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.12.09 22:12:50 | 000,154,624 | ---- | M] () -- C:\Users\SouLy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.09 18:10:38 | 000,053,521 | ---- | M] () -- C:\Users\SouLy\Documents\wirelesskeyview.zip [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.28 19:02:41 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.22 11:35:13 | 000,047,616 | ---- | M] () -- C:\Users\SouLy\Desktop\Wolters_20101117.doc [2010.11.22 11:07:54 | 000,048,128 | ---- | M] () -- C:\Users\SouLy\Desktop\Jurgeleit_20101117.doc [2010.11.22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\SouLy\Desktop\procexp.exe [2010.11.21 12:46:39 | 000,054,501 | ---- | M] () -- C:\Users\SouLy\Desktop\Fifa 11 - Spezialbewegungen.pdf [2010.11.21 11:29:50 | 000,039,283 | ---- | M] () -- 
C:\Users\SouLy\Documents\Rechnung.August.Detlef.pdf [2010.11.18 15:15:25 | 000,053,760 | ---- | M] () -- C:\Users\SouLy\Desktop\Erker_20101117.doc ========== Files Created - No Company Name ========== [2010.12.12 14:29:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 14:00:03 | 3220,492,288 | -HS- | C] () -- C:\hiberfil.sys [2010.12.12 13:12:28 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.12.11 19:22:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.11 19:22:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.11 19:22:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.12.11 19:04:32 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.12.11 19:04:32 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.12.11 19:04:32 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.12.11 17:48:30 | 000,072,268 | ---- | C] () -- C:\Users\SouLy\Desktop\procexp.chm [2010.12.10 17:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.12.09 18:10:35 | 000,053,521 | ---- | C] () -- C:\Users\SouLy\Documents\wirelesskeyview.zip [2010.11.28 19:02:41 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.22 11:08:26 | 000,047,616 | ---- | C] () -- C:\Users\SouLy\Desktop\Wolters_20101117.doc [2010.11.21 12:46:39 | 000,054,501 | ---- | C] () -- C:\Users\SouLy\Desktop\Fifa 11 - Spezialbewegungen.pdf [2010.11.21 11:29:50 | 000,039,283 | ---- | C] () -- C:\Users\SouLy\Documents\Rechnung.August.Detlef.pdf [2010.11.18 15:17:11 | 000,048,128 | ---- | C] () -- C:\Users\SouLy\Desktop\Jurgeleit_20101117.doc [2010.11.18 14:45:09 | 000,053,760 | ---- | C] () -- C:\Users\SouLy\Desktop\Erker_20101117.doc 
[2010.09.12 22:13:27 | 000,017,408 | ---- | C] () -- C:\Users\SouLy\AppData\Local\WebpageIcons.db [2010.08.02 17:26:25 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.09.25 18:53:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.13 18:39:40 | 000,000,952 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.04.25 23:54:41 | 000,000,760 | ---- | C] () -- C:\Users\SouLy\AppData\Roaming\setup_ldm.iss [2009.04.02 15:42:41 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.11 09:45:12 | 000,000,680 | ---- | C] () -- C:\Users\SouLy\AppData\Local\d3d9caps.dat [2008.11.20 14:30:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.11.20 14:20:10 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800G.ini [2008.11.16 17:25:31 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt [2008.11.10 17:17:23 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.28 21:54:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.10.15 18:08:14 | 000,154,624 | ---- | C] () -- C:\Users\SouLy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.29 12:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.08.28 22:25:27 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS [2008.08.28 22:25:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AABATT.dll [2008.08.28 22:21:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.08.28 22:21:18 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.08.28 22:21:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.08.28 22:21:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.08.28 22:21:18 | 000,188,416 | 
---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.08.28 22:21:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.08.28 22:18:56 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini [2008.08.28 22:11:14 | 000,235,507 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.08.28 22:11:12 | 000,235,507 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.08.28 22:06:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.08.28 22:04:11 | 000,522,256 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK1.sys [2008.08.28 22:04:11 | 000,299,920 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK0.sys [2008.08.28 22:04:11 | 000,173,584 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK.sys [2008.08.28 22:04:11 | 000,145,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK2.sys [2008.08.28 22:04:11 | 000,025,616 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK3.sys [2008.06.09 22:30:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2007.12.03 10:46:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f [2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
Edited by SouLySoRc (12.12.2010 at 15:38) |
#2 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Hello and
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well. |
#3 |
Unfortunately no results:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5299
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
12.12.2010 17:12:26
mbam-log-2010-12-12 (17-12-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 377475
Laufzeit: 2 Stunde(n), 13 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
In addition, Microsoft Security Essentials also found nothing. 76 processes are running on this machine and I can't really tell what they belong to. I also noticed that when I connect to a server (regarding ping) that nobody is on, there are hardly any ping peaks. If there are several players on the server, however, the ping jumps constantly. What else can I do? |
#4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found
O33 - MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\Shell\Open\command - "" = D:\resycled\boot.com -- File not found
O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.29 23:37:58 | 000,180,224 | -HS- | M] ()
O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 17:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags |
#5 |
All processes killed
========== OTL ==========
Service SessionLauncher stopped successfully!
Service SessionLauncher deleted successfully!
File C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found not found.
Service RoxLiveShare10 stopped successfully!
Service RoxLiveShare10 deleted successfully!
File C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found not found.
C:\autoexec.bat moved successfully.
Q:\AUTORUN.INF moved successfully.
S:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42860065-9ef2-11df-96b2-bd5612f5f6f3}\ not found.
File D:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{876d02b3-e54f-11dd-bd98-001fe2e523b3}\ not found.
File D:\resycled\boot.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a2f17d7-7592-11dd-8387-0022159a37cc}\ not found.
S:\LenovoSDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3490e3-7543-11dd-b831-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da065477-9dc6-11dd-ad75-001fe2e523b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da065477-9dc6-11dd-ad75-001fe2e523b3}\ not found.
File F:\InstallTomTomHOME.exe not found.
ADS C:\ProgramData\TEMP
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: SouLy
->Temp folder emptied: 1312802 bytes
->Temporary Internet Files folder emptied: 2958226 bytes
->Java cache emptied: 43234571 bytes
->FireFox cache emptied: 79726566 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4401 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 740779 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 122,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12142010_161858
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
I have to admit, to my shame, that I have uninstalled a few programs since then and ran a RegCleaner. Sorry 8[ I hope that doesn't spoil the result. |
#6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! |
#7 |
Combofix log file:
Code:
ATTFilter ComboFix 10-12-14.01 - SouLy 14.12.2010 21:21:55.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3070.2091 [GMT 1:00] ausgeführt von:: c:\users\SouLy\Desktop\cofi.exe.exe AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66} SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Thumbs.db . ((((((((((((((((((((((( Dateien erstellt von 2010-11-14 bis 2010-12-14 )))))))))))))))))))))))))))))) . 2010-12-14 20:31 . 2010-12-14 20:34 -------- d-----w- c:\users\SouLy\AppData\Local\temp 2010-12-14 15:18 . 2010-12-14 15:18 -------- d-----w- C:\_OTL 2010-12-14 15:16 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7CD49C3-9C02-4AE1-8EF9-AE6E128512B6}\mpengine.dll 2010-12-13 16:14 . 2010-12-13 16:14 -------- d-----w- c:\users\SouLy\AppData\Local\Microsoft_Corporation 2010-12-12 19:06 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-12-12 14:45 . 2010-12-12 14:45 -------- d-----w- c:\program files\CCleaner 2010-12-12 14:43 . 2010-12-14 16:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-12 14:43 . 2010-12-12 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\users\SouLy\AppData\Roaming\Malwarebytes 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\programdata\Malwarebytes 2010-12-12 13:29 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-12 13:29 . 2010-12-12 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-12 13:29 . 
2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-12 12:12 . 2010-12-12 12:12 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-12-11 18:22 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2010-12-11 18:22 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2010-12-11 18:03 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll 2010-12-11 14:23 . 2010-12-11 14:23 98392 ------w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-11 14:21 . 2010-12-11 14:21 -------- d-----w- c:\users\SouLy\AppData\Local\Sunbelt Software 2010-12-11 14:17 . 2010-12-11 18:08 -------- d-----w- c:\programdata\Lavasoft 2010-12-11 14:17 . 2010-12-11 14:17 -------- d-----w- c:\program files\Lavasoft 2010-12-11 14:09 . 2010-12-11 14:09 -------- d-----w- c:\users\SouLy\AppData\Roaming\Uniblue 2010-12-11 14:08 . 2010-12-11 14:08 -------- d-----w- c:\users\SouLy\AppData\Local\PackageAware 2010-12-11 14:01 . 2010-12-11 17:47 -------- d-----w- c:\programdata\SecTaskMan 2010-12-10 14:23 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E734315-80A5-471C-80E0-FD16B3B39970}\mpengine.dll 2010-11-28 18:01 . 2010-11-28 18:01 -------- d-----w- c:\program files\iPod 2010-11-28 18:01 . 2010-11-28 18:02 -------- d-----w- c:\program files\iTunes 2010-11-26 14:40 . 2010-12-11 14:11 -------- d-----w- c:\users\SouLy\AppData\Local\Unity 2010-11-24 08:39 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-21 15:18 . 2010-11-21 15:18 -------- d-----w- c:\programdata\PC Camera Device 2010-11-21 10:06 . 2010-11-21 10:06 -------- d-----w- c:\program files\Common Files\Skype 2010-11-21 10:06 . 2010-11-21 10:06 -------- d-----r- c:\program files\Skype 2010-11-17 18:58 . 2010-11-20 01:45 -------- d-----w- c:\users\SouLy\AppData\Roaming\DivX 2010-11-17 18:51 . 2010-12-11 16:31 -------- d-----w- c:\programdata\DivX . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-11 15:16 . 2009-04-13 12:40 361728 ------w- c:\windows\system32\TuneUpDefragService.exe 2010-10-19 20:51 . 2009-10-10 18:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-28 14:44 . 2010-09-28 14:44 41984 ------w- c:\windows\system32\drivers\usbaapl.sys 2010-09-28 14:44 . 2010-09-28 14:44 4184352 ------w- c:\windows\system32\usbaaplrc.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-06-24 15:31 95496 ------w- c:\windows\System32\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] 2008-08-07 11:23 431392 
------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ------w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] 2008-10-27 01:37 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher] 2008-08-12 12:47 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] 2006-08-04 09:00 462336 ------w- c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] 2008-06-25 10:14 3077432 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] 2008-06-04 17:36 242976 ------w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2007-04-11 13:32 56080 ------w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker] 2008-06-08 18:00 124248 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2008-06-08 18:00 165208 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883840 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvCplDaemon] 2008-06-19 18:03 13543968 ------w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-19 18:03 92704 ------w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV] 2008-10-27 01:37 632096 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-09 04:19 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-01-19 21:29 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] 2008-07-30 19:00 60192 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] 2008-06-06 16:21 181536 ------w- c:\windows\System32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] 2008-05-24 14:49 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2007-05-31 07:21 648072 ------w- c:\windows\WindowsMobile\wmdcBase.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "RoxioDragToDisc"="c:\program 
files\Lenovo\Drag-to-Disc\DrgToDsc.exe" "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "NapsterShell"=c:\program files\Napster\napster.exe /systray "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 gupdate1ca0936c2de0bd8;Google Update Service (gupdate1ca0936c2de0bd8);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 133104] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-02 691696] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo 
System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-19 208896] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-10-27 66848] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-06-24 12560] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192] S3 DCamUSBGene;Integrated Camera;c:\windows\system32\DRIVERS\usbstk.sys [2008-07-31 173584] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-19 43040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 10:55 7680 ------w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 12:36] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 12:36] 2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{517A91EB-6947-4E13-B08D-60B0079DE088}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\SouLy\AppData\Roaming\Mozilla\Firefox\Profiles\48wf5y93.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: 
content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-EPSON Stylus DX3800 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe MSConfigStartUp-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSConfigStartUp-TPHOTKEY - c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(4068) c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\ibmpmsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe c:\windows\system32\WLANExt.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe c:\program files\Lenovo\ATK Hotkey\LFKA.exe c:\windows\system32\conime.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-12-14 21:39:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-12-14 20:39 Vor Suchlauf: 16 Verzeichnis(se), 35.195.969.536 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 39.278.419.968 Bytes frei - - End Of File - - 54342B4E37A66C13AA0ACCC122E730C5
Thanks in advance. Hope something turns up :] |
![]() | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
![]() | #9 |
Text too long. Logfiles attached. Can you see anything yet? Thanks for the help. OSAM OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:32:25 on 15.12.2010 OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl "ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\ThinkVantage Fingerprint Software\infopnl.cpl "wmdConn.cpl" - "Microsoft Corporation" - C:\Windows\WindowsMobile\wmdConn.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys "ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys "Bluetooth L2CAP Service" (btwl2cap) - ? 
- C:\Windows\System32\DRIVERS\btwl2cap.sys (File not found) "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "fxdiqpod" (fxdiqpod) - ? - C:\Users\SouLy\AppData\Local\Temp\fxdiqpod.sys (Hidden registry entry, rootkit activity | File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys "SMI Helper Driver (smihlp)" (smihlp) - "UPEK Inc." - C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "TPPWRIF" (TPPWRIF) - ? - C:\Windows\System32\drivers\Tppwr32v.sys (File signed by Microsoft | File found, but it contains no detailed information) "tvtfilter" (tvtfilter) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtfilter.sys "tvtumon" (tvtumon) - "Lenovo" - C:\Windows\System32\DRIVERS\tvtumon.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? 
- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft 
Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." 
- C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." 
- C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found) <binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." 
- C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\SouLy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSSE" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus DX3800 Series 2KMonitor5E" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLMACE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe
"@%windir%\WindowsMobile\wcescomm.dll,-40079" (WcesComm) - "Microsoft Corporation" - C:\Windows\WindowsMobile\wcescomm.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo" - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Service of LFKA" (LFKAS) - ? - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
"TVT Backup Protection Service" (TVT Backup Protection Service) - ? - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
"TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
"TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
"TVT Windows Update Monitor" (TVT_UpdateMonitor) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
"ScCertProp" - ? - wlnotify.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
#10

GMER is too large as a txt for the attachment, and for the post as well (The text you entered consists of 435214 characters and is therefore too long. Please shorten the text to the maximum length of 135120 characters.) Should I split it into 4 parts? In Word it is 485 KB, a mere 112 pages...
#11

I have now uploaded the file: hxxp://www.file-upload.net/download-3053093/GMER.txt.html I hope that is legitimate? If not, please delete the link.
#12

These scans really do always take a while.. óÒ Here are the results:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/21/2010 at 09:05 AM

Application Version : 4.47.1000

Core Rules Database Version : 6045
Trace Rules Database Version: 3857

Scan type : Complete Scan
Total Scan Time : 02:01:45

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 9921
Registry threats detected : 0
File items scanned : 218925
File threats detected : 3

Trojan.Agent/Gen-SVC[Fake]
C:\PROGRAM FILES\MYMENU\MYMENU.EXE

Adware.Tracking Cookie
media.stage-entertainment.de [ C:\Users\SouLy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6A4BV2RP ]

Trojan.SVCHost/Fake
C:\USERS\SOULY\APPDATA\ROAMING\THINSTALL\MICROSOFT OFFICE ENTERPRISE 2007\1000000800002I\SVCHOST.EXE

and

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x00050014

Kernel Drivers (total 174):

Processes (total 73):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS542525K9SA00, Rev: BBFZC3HP

Size    Device Name          MBR Status
--------------------------------------------
232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
#13

/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD). If you have a regular Vista installation DVD, you don't need the above image and can simply boot from the Vista DVD. Click Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand.

__________________ Please always post logfiles in CODE tags
#14

I have one partition that, according to a system message, is needed for booting and must not be changed. I also have a partition on which the factory settings are stored. I once created an image from it. Basically a recovery partition. Both were there from the factory. Fundamentally, though, I only have 1 OS, namely Vista. So I'll go ahead and carry out your instructions??!
#15

/// Winkelfunktion /// TB-Süch-Tiger™

Yes, please carry it out!