Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Diagnostic - Opfer - (https://www.trojaner-board.de/96815-windows-diagnostic-opfer.html)

Peter82 24.03.2011 20:55
Windows Diagnostic - Opfer -
 
Hallo zusammen,

auch ich wurde leider Opfer von Windows Diagnostic.

Neben den nervigen Fehlermeldungen, ist auch mein Dekstop leer bzw. "gelöscht" unddemnach alle privaten Dateien.

Ich habe mich auch informiert, wie ich diesen wieder los werde. Jedoch, bin ich nicht so IT erfahren, dass ich das ohne EURE Hilfe hinbekommen werde.

Ich habe bereits den Malware-Scan am Laufen und google mich durch das Thema, doch so richtig verstehen tue ich nichts. Und deswegen bitte auch für mich eine individuelle Anleitung.

Wenn der Scan durchgelaufen ist, werde ich diesen hier posten und anschließend den OTL-System-Scan durchzuführen.

Müssen für diese Scans andere Programme (z.B. Antivir, Mozilla) geschlossen/beendet sein?

Vielen Dank vorab!!!
Gruß Peter82

Peter82 24.03.2011 21:29
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6158

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.03.2011 21:26:12
mbam-log-2011-03-24 (21-26-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 277329
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe (Trojan.SpyEyes) -> Value: RestorPoint.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43310856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\InFo\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\6UJV0ZQ7\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Peter82 24.03.2011 21:31
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 6158

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.03.2011 21:26:12
mbam-log-2011-03-24 (21-26-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 277329
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe (Trojan.SpyEyes) -> Value: RestorPoint.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43310856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\InFo\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\6UJV0ZQ7\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Peter82 24.03.2011 21:32
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6158

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.03.2011 21:26:12
mbam-log-2011-03-24 (21-26-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 277329
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe (Trojan.SpyEyes) -> Value: RestorPoint.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Peter82 24.03.2011 21:33
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.03.2011 21:26:12
mbam-log-2011-03-24 (21-26-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 277329
Laufzeit: 58 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe (Trojan.SpyEyes) -> Value: RestorPoint.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43310856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\InFo\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\6UJV0ZQ7\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Peter82 24.03.2011 21:49
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.03.2011 21:39:26 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\InFo\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 69,83 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF1.02
Drive Q: | 9,77 Gb Total Space | 3,93 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: INFO-PC | User Name: InFo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Platte\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Platte\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Platte\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DF2F71D-24A1-45B8-AD4F-812A936D11B2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{46F6892A-A410-4216-9176-64265B6B91D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{667867AB-0960-4824-934C-AC68E303EFA1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A19FA8CC-B0C6-4D2E-9FA2-8A08215A8CF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B053695E-E148-447E-8F08-26DFE0B5D9D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B1D476F0-7DB7-4238-A7CB-2D495134143A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8C49683-F7D9-4A95-BF6D-BB0386FAA32F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC40B384-7632-42FF-B0E5-0F522DE9123F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2550FE6-283A-47F4-9483-909C9F39EA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD9BF03-D668-42F3-9EB9-8D12F04953E4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{23BD4D33-2E06-490C-AF91-F750EA635199}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{2FEA0712-1E25-408A-B24B-35B4ABB5BAD1}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{3D0510DD-9100-4089-915B-A87D7265A0D4}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{52ACADBF-3B48-4D12-8A3C-DB97FADF1F99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{530E5EF2-EF0D-4A30-8C4F-DA767CC72FD5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{5B6D1134-A66C-4E70-B35C-BBA10AE7327C}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{6EC36D40-907F-47E3-9766-3D247BB6BC50}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{6FB6C32D-A8FD-4D96-837E-D4F3C85A4838}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{80AC7ABE-A826-4F31-8702-BCC648F6A259}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D6C3D93-B673-43E7-9426-0D5B41009452}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{D5270E69-35DD-4A3E-9B82-0BC4034FF6A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{E7815F57-19CD-4FC8-86B7-A33F72B33406}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{EC338C79-6532-45CE-A207-0EBC425BE8DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F69DDB9E-64C9-470E-87FB-EC30C72BD061}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"TCP Query User{19BB69A5-86EE-49F2-AB58-B72DF3EC9F32}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{29D34CE9-D8BA-4482-A293-BB2AF0FAD921}C:\platte\spiele\gp3\gp3.exe" = protocol=6 | dir=in | app=c:\platte\spiele\gp3\gp3.exe |
"TCP Query User{8C6E7E55-203E-415B-B979-0D188B9C7AF5}C:\platte\spiele\kart\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\platte\spiele\kart\game\moorhuhn_kart3.exe |
"TCP Query User{996E71A8-F27C-4FDE-A1B0-94F7679F8108}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{AB456425-18B0-4733-9893-1E1E29F7581E}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"TCP Query User{B8813E54-259C-442F-9F52-254A6E2C8C2E}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"TCP Query User{D424A494-6BE4-4305-986C-ADAC1D74C3F7}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe |
"UDP Query User{25CD73FB-24BA-4ABA-AD99-BF7F08B38C0B}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"UDP Query User{29718E64-F280-458E-A944-4888AF101CC0}C:\platte\spiele\gp3\gp3.exe" = protocol=17 | dir=in | app=c:\platte\spiele\gp3\gp3.exe |
"UDP Query User{9050DB3B-E36E-48BF-AC92-A4A4AC2AE44F}C:\platte\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\platte\programme\icq\icq6.5\icq.exe |
"UDP Query User{91BE120C-25B2-45C4-A0C3-8DF25E33F340}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{BB1223E7-88CE-404A-BA75-3FE5F4528E22}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe |
"UDP Query User{D0B0F59D-DC63-4A22-93EE-8D272F51648D}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{DB8D5685-9A58-4B95-9C95-392FB1A9AAEE}C:\platte\spiele\kart\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\platte\spiele\kart\game\moorhuhn_kart3.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500
"{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package
"{05860BD6-2B3C-4B16-A300-964403ACF13C}" = ThinkVantage GPS
"{061A431C-86E7-4DB4-92B8-36DE783865CF}" = Integrated Camera
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08163A7B-A683-4201-9166-BA4E65D263ED}" = Mobile Broadband Connect
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{42B49E02-8422-4B41-BABA-2B282E997462}" = Moorhuhn Kart 3 Demo
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7A36FE6E-66C2-11D4-BE67-0000B4A81FCD}" = Grand Prix 3-Demo
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852AFD2D-07CC-46FD-A159-671102782771}" = Intel(R) PROSet/Wireless WiFi-Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CECB23C-F4BC-4FDA-A306-E544A216176A}" = ThinkVantage Status Gadget
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB7B2324-1C73-4FC0-B766-4EEB0A3753AF}" = Airfix Dogfighter DEMO
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D9F50DFC-5894-460A-9B14-44889BF42DFB}" = Cisco AnyConnect VPN Client
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CheckerBoard_is1" = CheckerBoard 1.65
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.23.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PDF Blender" = PDF Blender
"Power Management Driver" = ThinkPad Power Management Driver for SL Series
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 0.9.9
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2011 16:38:00 | Computer Name = InFo-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.03.2011 16:38:01 | Computer Name = InFo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.03.2011 16:57:57 | Computer Name = InFo-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.03.2011 17:00:29 | Computer Name = InFo-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 21.03.2011 17:02:30 | Computer Name = InFo-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.03.2011 17:03:42 | Computer Name = InFo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.03.2011 14:52:03 | Computer Name = InFo-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.03.2011 14:52:29 | Computer Name = InFo-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.03.2011 15:16:38 | Computer Name = InFo-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.03.2011 15:17:57 | Computer Name = InFo-PC | Source = WinMgmt | ID = 10
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 24.10.2010 15:47:30 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 28.10.2010 02:28:21 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 05.11.2010 02:30:52 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 04.12.2010 18:42:33 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 05.12.2010 17:04:51 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 258  File: .\Agent.cpp  Line:
 677  Description: Der Wartevorgang wurde abgebrochen.   
 
Error - 06.12.2010 17:36:28 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 23.12.2010 17:00:10 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 24.01.2011 03:40:58 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 17.03.2011 17:58:25 | Computer Name = InFo-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
Error - 18.03.2011 16:54:16 | Computer Name = INFO-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
677  Description: Das Handle ist ungültig.   
 
[ System Events ]
Error - 24.03.2011 15:01:14 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 24.03.2011 15:01:44 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 24.03.2011 15:02:14 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 24.03.2011 15:02:44 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 24.03.2011 15:16:33 | Computer Name = InFo-PC | Source = HTTP | ID = 15016
Description =
 
Error - 24.03.2011 15:16:54 | Computer Name = InFo-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 24.03.2011 15:17:58 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 24.03.2011 15:17:58 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.03.2011 15:17:58 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.03.2011 15:17:58 | Computer Name = InFo-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

Peter82 24.03.2011 21:51
OTL Logfile:
Code:
OTL logfile created on: 24.03.2011 21:39:26 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\InFo\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,82 Gb Total Space | 69,83 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF1.02
Drive Q: | 9,77 Gb Total Space | 3,93 Gb Free Space | 40,22% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: INFO-PC | User Name: InFo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\InFo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Platte\Programme\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Platte\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe (Lenovo)
PRC - C:\Programme\Lenovo\Camera Center\bin\LenovoCameraCenter.exe (Lenovo)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - c:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Programme\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\InFo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SessionLauncher) --  File not found
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (AntiVirService) -- C:\Platte\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Platte\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LFKAS) -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (lxdi_device) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (lxdiCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe ()
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Platte\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (lnvomdm2) -- C:\Windows\System32\drivers\lnvomdm2.sys (MCCI Corporation)
DRV - (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM) -- C:\Windows\System32\drivers\lnvounic.sys (MCCI Corporation)
DRV - (lnvomdm) -- C:\Windows\System32\drivers\lnvomdm.sys (MCCI Corporation)
DRV - (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS) -- C:\Windows\System32\drivers\lnvond5.sys (MCCI Corporation)
DRV - (lnvomdfl2) -- C:\Windows\System32\drivers\lnvomdfl2.sys (MCCI Corporation)
DRV - (lnvocard) -- C:\Windows\System32\drivers\lnvocard.sys (MCCI Corporation)
DRV - (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM) -- C:\Windows\System32\drivers\lnvobus.sys (MCCI Corporation)
DRV - (lnvomdfl) -- C:\Windows\System32\drivers\lnvomdfl.sys (MCCI Corporation)
DRV - (Sony_EricssonWWSC) -- C:\Windows\System32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS ()
DRV - (lnvogps) -- C:\Windows\System32\drivers\lnvogps.sys (Ericsson AB)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (PCD5SRVC{DF187064-5DA14001-05040000}) -- C:\Programme\PCDR5\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBSTK.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.06.19 08:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Platte\Programme\Firefox\components [2011.03.21 18:37:10 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Platte\Programme\Firefox\plugins [2011.03.21 18:37:10 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.05 15:21:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.26 21:29:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Extensions
[2010.03.26 21:29:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.24 20:31:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\InFo\AppData\Roaming\mozilla\Firefox\Profiles\k6sivo2g.default\extensions
[2011.03.14 20:24:54 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\InFo\AppData\Roaming\mozilla\Firefox\Profiles\k6sivo2g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Platte\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Platte\Programme\Neuer Ordner\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Platte\Programme\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg
O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlackMap1680X1050.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.27 13:47:22 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF1.02 ]
O32 - AutoRun File - [2007.10.03 23:36:21 | 001,528,743 | R--- | M] () - D:\Autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2007.08.01 14:00:31 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008.06.10 13:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.02 19:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23728-f9fb-11df-916a-001e101f7f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{22b23761-f9fb-11df-916a-001e101f50a4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{585a513b-7b6f-11df-9ffa-028037ec0200}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{585a51d8-7b6f-11df-9ffa-001e101f8aaa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell - "" = AutoRun
O33 - MountPoints2\{80ce8457-d3a7-11dd-8155-00248c058049}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.06.06 16:59:28 | 000,163,840 | -HS- | M] ()
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cc795ae-25f9-11de-887c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.06.10 02:34:18 | 000,221,184 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8ecbbb12-d366-11dd-ab15-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.10.03 23:36:21 | 001,528,743 | R--- | M] ()
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{921501a0-9d48-11df-98c6-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\InFo\AppData\Roaming\Malwarebytes
[2011.03.24 20:24:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.24 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.24 20:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.24 20:24:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.24 20:24:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.21 22:03:59 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Desktop\Neuer Ordner (2)
[2011.03.21 21:09:40 | 000,000,000 | -H-D | C] -- C:\Users\InFo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.20 10:51:52 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Desktop\USA
[2011.03.14 17:55:39 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Documents\Bluetooth-Exchange-Ordner
[2011.03.14 17:55:38 | 000,000,000 | -H-D | C] -- C:\Users\InFo\Bluetooth Software
[2009.06.28 14:28:57 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009.06.28 14:28:57 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009.06.28 14:28:57 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009.06.28 14:28:57 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009.06.28 14:28:57 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009.06.28 14:28:57 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009.06.28 14:28:57 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009.06.28 14:28:57 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009.06.28 14:28:57 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009.06.28 14:28:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009.06.28 14:28:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009.06.28 14:28:56 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009.06.28 14:28:56 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009.06.28 14:28:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009.06.28 14:28:56 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[1 C:\Users\InFo\Desktop\*.tmp files -> C:\Users\InFo\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 21:37:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 21:37:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 21:34:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.03.24 21:26:25 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cuidxll.sys
[2011.03.24 20:24:55 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.24 20:16:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 20:16:27 | 2111,098,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 20:15:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.24 19:56:12 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D93FDFF5-A721-4482-B7E8-ACA72C7C98A8}.job
[2011.03.21 21:09:43 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011.03.21 21:09:43 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
[2011.03.21 21:09:40 | 000,000,597 | -H-- | M] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:09:38 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43310856
[2011.03.20 12:47:09 | 000,093,329 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
[2011.03.20 12:30:13 | 000,093,184 | -H-- | M] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Bernard.pdf
[2011.03.14 18:07:11 | 000,000,194 | -H-- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2011.03.14 17:59:40 | 000,685,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.14 17:59:40 | 000,642,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.14 17:59:40 | 000,151,132 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.14 17:59:40 | 000,122,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\InFo\Desktop\*.tmp files -> C:\Users\InFo\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.24 21:26:25 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cuidxll.sys
[2011.03.24 20:24:55 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 22:02:11 | 2111,098,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.21 21:09:43 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43310856r
[2011.03.21 21:09:43 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856
[2011.03.21 21:09:40 | 000,000,597 | -H-- | C] () -- C:\Users\InFo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:09:38 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43310856
[2011.03.20 12:47:08 | 000,093,329 | -H-- | C] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Jasmin.pdf
[2011.03.20 12:30:12 | 000,093,184 | -H-- | C] () -- C:\Users\InFo\Desktop\ESTA-Antrag_Bernard.pdf
[2010.08.06 17:18:58 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.08.06 17:18:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.08.06 17:18:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.08.06 17:18:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.08.06 17:18:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.08.06 17:18:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.08.06 17:18:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.08.06 17:18:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.08.06 17:18:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.08.06 17:18:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.08.06 17:18:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.08.06 17:18:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.08.06 17:18:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.08.06 17:18:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.08.06 17:18:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.08.06 17:18:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.08.06 17:18:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.08.06 17:18:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.08.06 17:18:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.08.28 19:04:53 | 000,000,680 | -H-- | C] () -- C:\Users\InFo\AppData\Local\d3d9caps.dat
[2009.06.28 14:57:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.28 14:57:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.06.28 14:28:57 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009.06.28 14:28:57 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.09 19:01:56 | 000,006,144 | -H-- | C] () -- C:\Users\InFo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 14:47:11 | 000,000,092 | -H-- | C] () -- C:\Users\InFo\AppData\Local\fusioncache.dat
[2008.12.27 01:36:25 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2008.12.26 17:20:14 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2008.12.26 17:19:25 | 000,061,440 | R--- | C] () -- C:\Windows\System32\AABATT.dll
[2008.12.26 17:15:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.12.26 17:15:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.12.26 17:15:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.12.26 17:15:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.12.26 17:15:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.12.26 17:15:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.12.26 17:12:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008.12.26 17:12:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008.12.26 17:00:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.12.26 17:00:44 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.12.26 17:00:43 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.12.26 17:00:43 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.12.26 17:00:42 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.12.26 16:57:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.12.26 16:55:10 | 000,522,256 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK1.sys
[2008.12.26 16:55:10 | 000,278,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK0.sys
[2008.12.26 16:55:10 | 000,176,528 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK.sys
[2008.12.26 16:55:10 | 000,145,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK2.sys
[2008.12.26 16:55:10 | 000,017,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK3.sys
[2008.12.26 16:55:09 | 000,055,824 | ---- | C] () -- C:\Windows\CamUnist.exe
[2008.12.26 16:49:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.04.16 18:59:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 18:59:46 | 000,685,868 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 18:59:46 | 000,151,132 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 18:59:46 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 03:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008.01.21 03:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007.03.30 09:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007.03.23 14:44:46 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007.02.09 13:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007.01.23 18:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,413,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,642,654 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,122,798 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.01 00:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.06.19 08:01:20 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Bytemobile
[2009.08.19 14:49:30 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Cisco
[2009.04.18 19:25:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools
[2009.04.18 19:26:02 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools Lite
[2009.04.18 19:25:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\DAEMON Tools Pro
[2010.11.28 10:50:21 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\ICQ
[2009.04.10 14:04:52 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Leadertech
[2009.04.10 13:20:43 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Lenovo
[2009.06.28 14:35:58 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Lexmark Productivity Studio
[2009.04.15 14:43:53 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\T-Online
[2011.03.21 19:48:28 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\temp
[2010.03.26 21:29:38 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Thunderbird
[2010.06.19 08:01:34 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Vodafone
[2010.06.19 08:15:50 | 000,000,000 | -H-D | M] -- C:\Users\InFo\AppData\Roaming\Vodafone Mobile Connect
[2011.03.24 21:34:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.03.24 20:15:13 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.24 19:56:12 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D93FDFF5-A721-4482-B7E8-ACA72C7C98A8}.job
 
========== Purity Check ==========
 
< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131