| |
| |||||||
Log-Analyse und Auswertung: Internet Explorer startet ohne Grund automatischWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.03.2011, 16:04
| #1 |
 |  Internet Explorer startet ohne Grund automatisch Liebe Alle, seit heute verhält sich mein Computer merkwürdig: ohne ersichtlichen Grund startet der Internetexplorer automatisch mit Werbung als Startseite. Ca. alle Stunde. Ich verwende für gewöhnlichen Firefox. Gestern habe ich "Freemind" heruntergeladen. Allerdings war ich dabei wohl leichtsinnig und habe einer mir bis dahin nicht vertrauten Seite Vertrauen geschenkt (Details weiss ich nicht mehr).  Jedenfalls habe ich eine .exe zugelassen, wobei danach nichts für mich ersichtliches passiert ist...Ich vermute einen Trojaner. Mein Problem habe ich brav gegoogel t jedoch nichts gefunden, dass mir wirklich weiterhelfen würde. Meine Computerfähigkeiten sind nicht so. Ich habe Angst, was kaputt zu machen... Bereits jetzt bedanke ich mich ganz herzlich bei Euch! Liebe Grüße, Anja Und hier die beiden Log-Files:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2011 15:22:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 153,68 Gb Total Space | 74,72 Gb Free Space | 48,62% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 2,25 Gb Free Space | 23,04% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.03.21 16:24:22 | 000,143,872 | ---- | M] (Borland International) -- C:\Windows\Kbinya.exe PRC - [2011.03.17 10:25:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.08 09:05:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.11.05 13:08:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.05 13:08:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.28 11:08:50 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.01 09:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2010.03.01 09:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2010.03.01 09:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2010.03.01 09:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2010.02.10 13:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2009.11.17 10:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe PRC - [2009.09.28 07:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009.08.31 08:43:46 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe PRC - [2009.08.28 12:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2009.08.20 00:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.08.07 03:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 03:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.07.15 01:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.07.03 09:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.13 08:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009.03.05 08:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe PRC - [2009.03.05 07:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlk.exe PRC - [2009.02.02 09:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2007.01.04 17:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (SafeList) ========== MOD - [2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.03.22 14:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\T-Online\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV:64bit: - [2009.08.18 12:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009.06.29 11:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV - [2011.03.17 10:25:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.05 13:08:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.02 18:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2010.03.01 09:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2010.03.01 09:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2010.02.10 13:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.11.17 10:44:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager) SRV - [2009.09.21 14:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2009.09.21 14:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.08.31 08:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.08.28 12:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2009.08.07 03:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.08.04 19:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.04 19:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.08.04 19:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009.08.04 19:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009.08.04 19:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009.07.15 01:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009.07.03 09:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009.07.01 16:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007.01.04 17:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.22 22:26:51 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.08.12 04:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.06.11 06:55:12 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.02 18:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2010.03.02 11:35:02 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.08 06:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.25 07:37:12 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.15 10:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2009.08.27 13:18:30 | 000,118,016 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser) DRV:64bit: - [2009.08.18 12:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009.08.13 05:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.07 03:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.07.13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.09 21:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:64bit: - [2009.07.01 03:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 03:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 03:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.29 11:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2009.06.29 11:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2009.06.10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 13:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 11:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.18 05:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.04.22 14:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.04.09 12:38:26 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.04.07 06:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.02.02 16:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.02.02 16:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.02.02 16:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2008.11.16 16:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.12 09:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV - [2010.12.09 22:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0) DRV - [2010.11.13 11:30:10 | 000,006,860 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.08 09:05:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.08 09:05:18 | 000,000,000 | ---D | M] [2010.08.18 10:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.21 16:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions [2010.09.17 13:50:51 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.12.26 20:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9v03o173.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.11 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.02.13 22:54:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.18 10:45:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 07:42:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.11 11:20:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.23 00:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 00:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 00:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 00:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 00:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ModemListener] C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe () O4 - HKLM..\Run: [PWMTRV] File not found O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions) O4 - HKCU..\Run: [A9YA3MI1CF] File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 16:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{223c735b-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{223c735f-168e-11e0-8261-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{6dcc5a76-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{6dcc5a79-15b9-11e0-9ffe-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{7e6af318-2e08-11e0-a4f8-c80aa9af880e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{84707787-15ab-11e0-a4dc-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aa7e03f0-7521-11df-92cf-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 21:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{cbfeb730-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell - "" = AutoRun O33 - MountPoints2\{cbfeb737-12be-11e0-b338-c80aa9af880e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe - () MsConfig:64bit - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: UIExec - hkey= - key= - C:\Program Files (x86)\Join Air\UIExec.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.03.22 15:21:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.22 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.22 15:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.03.22 15:12:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011.03.22 15:12:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.03.22 15:12:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2011.03.21 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mindjet [2011.03.21 16:17:16 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll [2011.03.21 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 [2011.03.21 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Maps [2011.03.21 16:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 9 [2011.03.21 16:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet [2011.03.21 16:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet [2011.03.21 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6936B99C-2538-4542-95DA-67066DD6D440} [2011.03.21 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\***\.freemind [2011.03.21 16:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [2011.03.21 16:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind [2011.03.15 20:21:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Fotos Sana [2011.03.11 11:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.03.11 09:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.03.11 09:58:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.09 11:21:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder [2011.03.04 09:07:56 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.03.04 09:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.02.24 10:38:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2011.02.24 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon [2011.02.23 08:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows [2011.02.22 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Update [2011.02.22 15:00:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu [2011.02.22 14:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series Benutzerregistrierung [2011.02.22 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series [2011.02.22 14:45:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2011.02.21 22:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\CANON [2011.02.21 22:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series Manual [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.22 15:23:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.22 15:23:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.22 15:23:03 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.03.22 15:20:21 | 000,001,115 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.03.22 15:20:16 | 000,000,935 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.22 15:20:16 | 000,000,916 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.22 15:17:10 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2011.03.22 15:16:22 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\sdqxeht.job [2011.03.22 15:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.22 15:16:04 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys [2011.03.22 15:12:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011.03.22 15:12:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.03.22 15:12:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2011.03.22 15:09:53 | 000,742,874 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2011.03.22 14:45:12 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2011.03.22 14:03:35 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.03.21 16:24:16 | 000,139,776 | RHS- | M] () -- C:\Windows\SysWow64\msdtd.dll [2011.03.21 16:16:38 | 000,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk [2011.03.21 16:10:56 | 000,001,896 | ---- | M] () -- C:\Users\***\Desktop\FreeMind.lnk [2011.03.21 16:10:37 | 010,900,992 | ---- | M] () -- C:\Users\***\Desktop\FreeMind-Windows-Installer-0.8.1-max_De.exe [2011.03.21 12:21:45 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.21 12:21:45 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.21 12:21:45 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.21 12:21:45 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.21 12:21:45 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.20 19:39:06 | 001,461,001 | ---- | M] () -- C:\Users\***\Desktop\http___www.giga-hamburg.de_dl_download.php_d=_content_imes_menastabilisierung_pdf_faath_studieKontrolle_2008_volltext.pdf [2011.03.17 12:31:35 | 001,866,773 | ---- | M] () -- C:\Users\***\Desktop\***.pdf [2011.03.13 11:40:23 | 000,005,701 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html [2011.03.11 19:11:41 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat [2011.03.11 09:58:48 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.08 11:24:39 | 000,358,521 | ---- | M] () -- C:\Users\***Desktop\***.pdf [2011.03.03 15:18:20 | 000,381,711 | ---- | M] () -- C:\Users\***\Desktop\***l.pdf [2011.03.03 12:52:01 | 000,021,765 | ---- | M] () -- C:\Users\***\Desktop\***.pdf [2011.03.03 12:50:40 | 000,020,391 | ---- | M] () -- C:\Users\***\Desktop\daily star.pdf [2011.03.03 12:16:17 | 000,171,116 | ---- | M] () -- C:\Users\***Desktop\Albrecht 2006 Autocrats and islamists (2).pdf [2011.03.03 12:04:18 | 000,020,103 | ---- | M] () -- C:\Users\A***\Desktop\TAZ-Artikel.pdf [2011.03.03 11:15:58 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.02.23 16:36:33 | 000,034,534 | ---- | M] () -- C:\Users\***\Desktop\20110406_HOFFMANN_Florenz.pdf [2011.02.21 15:06:08 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.22 15:20:21 | 000,001,115 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.03.22 15:20:16 | 000,000,935 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.22 15:20:16 | 000,000,916 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.22 15:10:54 | 000,742,874 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2011.03.22 14:45:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011.03.21 16:24:32 | 000,000,308 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.03.21 16:24:24 | 000,000,262 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2011.03.21 16:24:17 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\sdqxeht.job [2011.03.21 16:24:16 | 000,139,776 | RHS- | C] () -- C:\Windows\SysWow64\msdtd.dll [2011.03.21 16:16:38 | 000,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk [2011.03.21 16:10:56 | 000,001,896 | ---- | C] () -- C:\Users\***\Desktop\FreeMind.lnk [2011.03.21 16:09:30 | 010,900,992 | ---- | C] () -- C:\Users\***\Desktop\FreeMind-Windows-Installer-0.8.1-max_De.exe [2011.03.20 19:39:06 | 001,461,001 | ---- | C] () -- C:\Users***\Desktop\http___www.giga-hamburg.de_dl_download.php_d=_content_imes_menastabilisierung_pdf_faath_studieKontrolle_2008_volltext.pdf [2011.03.17 12:31:34 | 001,866,773 | ---- | C] () -- C:\Users\***\Desktop\Contrat_Bouziane_Hoffmann.pdf [2011.03.13 11:41:14 | 000,005,701 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html [2011.03.11 19:11:41 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat [2011.03.11 09:58:48 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.08 11:24:39 | 000,358,521 | ---- | C] () -- C:\Users\***\Desktop\Reiseunterlagen Kunde Hoffmann.pdf [2011.03.03 15:18:20 | 000,381,711 | ---- | C] () -- C:\Users***\Desktop\*** Artikel.pdf [2011.03.03 12:52:01 | 000,021,765 | ---- | C] () -- C:\Users\***\Desktop\wasington post morocco protest.pdf [2011.03.03 12:50:40 | 000,020,391 | ---- | C] () -- C:\Users\***\Desktop\daily star.pdf [2011.03.03 12:16:17 | 000,171,116 | ---- | C] () -- C:\Users\***\Desktop\Albrecht 2006 Autocrats and islamists (2).pdf [2011.03.03 12:04:18 | 000,020,103 | ---- | C] () -- C:\Users\***\Desktop\TAZ-Artikel.pdf [2011.02.23 16:36:33 | 000,034,534 | ---- | C] () -- C:\Users\***\Desktop\20110406_HOFFMANN_Florenz.pdf [2011.02.23 08:47:35 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.02.23 08:47:35 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.02.22 14:45:58 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\CNC173AD.TBL [2011.02.22 14:45:58 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\CNC173AD.TBL [2011.02.21 15:06:08 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.29 18:09:16 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.08.18 10:38:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.11 07:16:04 | 001,647,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.09.10 07:34:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.09.10 07:34:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.09.10 07:34:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.09.10 07:34:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.02.24 10:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.11.20 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen [2010.12.12 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote [2010.11.12 07:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2010.11.13 11:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2011.02.23 08:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update [2010.12.30 14:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2011.03.03 11:15:58 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2011.01.01 15:12:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.22 15:16:22 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\sdqxeht.job [2011.03.22 14:03:35 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job [2011.03.22 15:23:03 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.03.22 15:17:10 | 000,000,262 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.12 07:50:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.24 17:28:56 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.18 09:49:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.06.11 06:32:58 | 000,000,000 | ---D | M] -- C:\Intel [2010.06.11 15:59:34 | 000,000,000 | ---D | M] -- C:\mfg [2010.08.18 13:45:15 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.03.11 09:58:21 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.22 15:20:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.03.21 16:16:26 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.08.18 09:49:45 | 000,000,000 | -HSD | M] -- C:\Programme [2010.08.18 09:50:38 | 000,000,000 | RHSD | M] -- C:\RRbackups [2011.03.11 19:24:35 | 000,000,000 | ---D | M] -- C:\swshare [2010.08.18 10:24:22 | 000,000,000 | ---D | M] -- C:\SWTOOLS [2011.03.21 17:21:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.21 16:11:42 | 000,000,000 | R--D | M] -- C:\Users [2011.03.22 15:21:13 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2010.06.11 16:15:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.06.11 16:15:11 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010.06.11 16:16:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.06.11 16:16:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.06.11 16:18:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.06.11 16:16:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.06.11 16:18:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.06.11 16:15:11 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2010.06.11 16:16:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010.06.11 16:15:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.06.11 16:17:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe [2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010.06.11 16:18:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2010.06.11 16:17:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Und der Extras:OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2011 15:22:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153,68 Gb Total Space | 74,72 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,25 Gb Free Space | 23,04% Space Free | Partition Type: NTFS
Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"0D12EED917642F81501AB8731CEFC39641FB12CF" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc (06/04/2009 7.0.0.1013)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PDF-XChange 3_is1" = PDF-XChange 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{651CA61C-6803-4E74-8CA6-9DA721F1D24E}" = iDumpPod2iTunes
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}" = Mobile Broadband
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon MP250 series Benutzerregistrierung" = Canon MP250 series Benutzerregistrierung
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Netzmanager" = Netzmanager
"PROPLUS" = Microsoft Office Professional Plus 2007
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.03.2011 06:42:27 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 07:08:18 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 11.03.2011 07:13:51 | Computer Name = *** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 07:25:59 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 07:28:10 | Computer Name = ***| Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 07:41:51 | Computer Name = *** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 08:44:28 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.03.2011 08:44:30 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1060
Error - 11.03.2011 08:44:30 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1060
Error - 11.03.2011 11:34:48 | Computer Name =*** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ OSession Events ]
Error - 04.10.2010 11:26:50 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347
seconds with 180 seconds of active time. This session ended with a crash.
Error - 19.10.2010 17:56:36 | Computer Name =*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 776
seconds with 360 seconds of active time. This session ended with a crash.
Error - 13.02.2011 14:53:01 | Computer Name =*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 286
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.03.2011 13:57:31 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 09.03.2011 13:58:40 | Computer Name =*** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netzmanager Service erreicht.
Error - 09.03.2011 19:42:52 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 10.03.2011 18:39:08 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 11.03.2011 06:48:15 | Computer Name = ***| Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 11.03.2011 06:57:18 | Computer Name = *** | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 07:28:34 | Computer Name = *** | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 07:41:15 | Computer Name = ***| Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error - 11.03.2011 07:41:15 | Computer Name =***| Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 11.03.2011 07:41:45 | Computer Name = ***| Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Netzmanager Infrastruktur Informationssystem Dienst erreicht.
< End of report >
--- --- --- Geändert von LolaLo (22.03.2011 um 16:42 Uhr) Grund: Log-Files wurden hinzugefügt |
| Themen zu Internet Explorer startet ohne Grund automatisch |
| 64-bit, adblock, alcatel, angst, automatisch, avgntflt.sys, c:\windows\system32\rundll32.exe, canon, computer, explorer, gefunde, geschenkt, gestern, grund, heute, iastor.sys, install.exe, interne, internet, internet explorer, internetexplorer, ip-adresse, kaputt, kunde, lenovo, liebe, location, merkwürdig, microsoft office word, nicht mehr, nichts, office 2007, oldtimer, olympus, plug-in, problem, programdata, saver, saving, searchplugins, security update, shell32.dll, shortcut, start menu, starte, startet, syswow64, tracker, troja, uiexec.exe, vodafone, webcheck, weiterhelfen, werbung, wirklich |
Baum-Darstellung