Trojaner-Board - BKA Virus deaktiviert alle Benutzerkonnten

Hallo noch,

hier nun noch der OTL Log
Das waren bei mir aber 2 FilesOTL Logfile:

Code:

OTL Extras logfile created on: 05.09.2011 17:19:57 - Run 1

OTL by OldTimer - Version 3.2.27.0     Folder = F:\

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,67% Memory free

3,33 Gb Paging File | 2,66 Gb Available in Paging File | 79,99% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 68,02 Gb Total Space | 7,80 Gb Free Space | 11,46% Space Free | Partition Type: NTFS

Drive D: | 81,02 Gb Total Space | 13,88 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Drive F: | 118,04 Mb Total Space | 105,77 Mb Free Space | 89,60% Space Free | Partition Type: FAT32

 

Computer Name: LENOVO-GEWI1 | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\DATEV\PROGRAMM\DBMSTool\dvpcdbcockpit.exe" = C:\DATEV\PROGRAMM\DBMSTOOL\dvpcdbcockpit.exe:*:Enabled:dvpcdbcockpit.exe -- (DATEV eG)

"C:\DATEV\SYSTEM\DVBSPrintSrvDBRep.exe" = C:\DATEV\SYSTEM\DVBSPrintSrvDBRep.exe:*:Enabled:DVBSPrintSrvDBRep.exe

"C:\DATEV\SYSTEM\DVBSPrintSrvLog.exe" = C:\DATEV\SYSTEM\DVBSPrintSrvLog.exe:*:Enabled:DVBSPrintSrvLog.exe

"C:\DATEV\SYSTEM\PSNTServ.exe" = C:\DATEV\SYSTEM\PSNTServ.exe:*:Enabled:PSNTServ.exe

"C:\DATEV\PROGRAMM\DSERVICE\DVBSPrintSrvTDCTool.exe" = C:\DATEV\PROGRAMM\DSERVICE\DVBSPrintSrvTDCTool.exe:*:Enabled:DVBSPrintSrvTDCTool.exe

"C:\DATEV\PROGRAMM\DSERVICE\Psclean.exe" = C:\DATEV\PROGRAMM\DSERVICE\Psclean.exe:*:Enabled:Psclean.exe

"C:\DATEV\PROGRAMM\INSTALL\Execdll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\INSTALL\Execdll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)

"C:\DATEV\PROGRAMM\INSTALL\Uninstal.exe" = C:\DATEV\PROGRAMM\INSTALL\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)

"C:\DATEV\PROGRAMM\SRVTOOL\SrvTool.exe" = C:\DATEV\PROGRAMM\SRVTOOL\SrvTool.exe:*:Enabled:SrvTool.exe

"C:\DATEV\PROGRAMM\ASA\WIN32\CLIENT\dbeng6.exe" = C:\DATEV\PROGRAMM\ASA\WIN32\CLIENT\dbeng6.exe:*:Enabled:dbeng6.exe

"C:\DATEV\PROGRAMM\NESYMAND\NesyMand.exe" = C:\DATEV\PROGRAMM\NESYMAND\NesyMand.exe:*:Enabled:NesyMand.exe

"C:\DATEV\SYSTEM\DVNESYTrafo001.exe" = C:\DATEV\SYSTEM\DVNESYTrafo001.exe:*:Enabled:DVNESYTrafo001.exe

"C:\DATEV\PROGRAMM\NESYERF\NesyErf.exe" = C:\DATEV\PROGRAMM\NESYERF\NesyErf.exe:*:Enabled:NesyErf.exe

"C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\Retrospect\Retrospect 7.5\Retrospect.exe" = C:\Programme\Retrospect\Retrospect 7.5\Retrospect.exe:*:Enabled:Retrospect -- (EMC Corporation)

"C:\DATEV\PROGRAMM\DBMSTool\dvpcdbcockpit.exe" = C:\DATEV\PROGRAMM\DBMSTOOL\dvpcdbcockpit.exe:*:Enabled:dvpcdbcockpit.exe -- (DATEV eG)

"C:\DATEV\SYSTEM\DVBSPrintSrvDBRep.exe" = C:\DATEV\SYSTEM\DVBSPrintSrvDBRep.exe:*:Enabled:DVBSPrintSrvDBRep.exe

"C:\DATEV\SYSTEM\DVBSPrintSrvLog.exe" = C:\DATEV\SYSTEM\DVBSPrintSrvLog.exe:*:Enabled:DVBSPrintSrvLog.exe

"C:\DATEV\SYSTEM\PSNTServ.exe" = C:\DATEV\SYSTEM\PSNTServ.exe:*:Enabled:PSNTServ.exe

"C:\DATEV\PROGRAMM\DSERVICE\DVBSPrintSrvTDCTool.exe" = C:\DATEV\PROGRAMM\DSERVICE\DVBSPrintSrvTDCTool.exe:*:Enabled:DVBSPrintSrvTDCTool.exe

"C:\DATEV\PROGRAMM\DSERVICE\Psclean.exe" = C:\DATEV\PROGRAMM\DSERVICE\Psclean.exe:*:Enabled:Psclean.exe

"C:\DATEV\PROGRAMM\INSTALL\Execdll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\INSTALL\Execdll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)

"C:\DATEV\PROGRAMM\INSTALL\Uninstal.exe" = C:\DATEV\PROGRAMM\INSTALL\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)

"C:\DATEV\PROGRAMM\SRVTOOL\SrvTool.exe" = C:\DATEV\PROGRAMM\SRVTOOL\SrvTool.exe:*:Enabled:SrvTool.exe

"C:\DATEV\PROGRAMM\ASA\WIN32\CLIENT\dbeng6.exe" = C:\DATEV\PROGRAMM\ASA\WIN32\CLIENT\dbeng6.exe:*:Enabled:dbeng6.exe

"C:\DATEV\PROGRAMM\NESYMAND\NesyMand.exe" = C:\DATEV\PROGRAMM\NESYMAND\NesyMand.exe:*:Enabled:NesyMand.exe

"C:\DATEV\SYSTEM\DVNESYTrafo001.exe" = C:\DATEV\SYSTEM\DVNESYTrafo001.exe:*:Enabled:DVNESYTrafo001.exe

"C:\DATEV\PROGRAMM\NESYERF\NesyErf.exe" = C:\DATEV\PROGRAMM\NESYERF\NesyErf.exe:*:Enabled:NesyErf.exe

"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- (PacketVideo)

"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- ()

"C:\Programme\Retrospect\Retrospect Express HD 2.5\Retrospect.exe" = C:\Programme\Retrospect\Retrospect Express HD 2.5\Retrospect.exe:*:Enabled:Retrospect Express HD -- (EMC Corporation)

"C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe" = C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service -- (EMC Corporation)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader

"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{0BA6B649-579C-4C8B-8B2D-9DD0A75E6E40}" = Nokia Photos

"{0CFF0BFE-B750-4ECA-882D-03B8C6A9F26A}" = Nokia Ovi Content Copier

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{127AB854-E30D-4E60-A1AB-28415B3E0E82}" = Top50 V5 Viewer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18533287-862B-40B4-86CD-4C5A299D902A}" = WISE-FTP

"{1933FE45-AF8D-482D-9BC7-5F651BBF0A4F}" = Nokia Ovi System Utilities

"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client

"{1FFBEF6F-98F3-4EEA-8103-7A85C1017D20}" = Geogrid®-Viewer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{2BAB23B0-70CE-4E7C-85B4-36154482CD57}" = Nokia Ovi Suite

"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery Zweckform DesignPro

"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{389D45C9-AA08-4034-A256-2A38C311999D}" = Iomega Discovery Tool Pro

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution

"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn

"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6CEC5DEA-44D1-4C56-978E-56BFD84AF10D}" = Nokia Ovi One Touch Access

"{6D3A2A6C-59CD-4A6D-9516-0A34C393ED95}" = Nokia MTP driver

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3

"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{83622A51-877C-4FB8-92BB-2572B3B4F4B8}" = OOBE06_Exp2

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8E9B3C8E-66BF-4345-97E5-FD16CD9A26AD}" = frankonia_international

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{92596597-71B3-4608-8628-AD48F2664EB9}" = Retrospect 7.5

"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution

"{9D22599D-E1F4-4934-8B4D-2BBA46662251}" = System Migration Assistant

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B55690B9-756E-41C6-8418-84AB04A5A605}" = Nokia Ovi Music Manager

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!

"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre

"{DAC63ECB-4571-435F-9B19-51F54BC88109}" = Nokia Home Media Server

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home

"{E5BD02EF-36F1-478F-88B2-D3990C62C2CB}" = SQLXML4

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers

"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FC762E57-B09D-41AE-AA5F-3DAC3CBE453E}" = Nokia Ovi Application Installer

"{FD2DCBAA-63D7-4932-9C39-C261CF51D746}" = Microsoft SQL Server Desktop Engine (DATEV_CL_DE01)

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51

"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts

"AwayTask" = ThinkVantage Away Manager

"Biet-O-Matic v2.8.2" = Biet-O-Matic v2.8.2

"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007

"CrossLoop_is1" = CrossLoop 2.10

"DasTelefonbuch GelbeSeiten Map & Route" = DasTelefonbuch GelbeSeiten Map & Route

"DATEVB00000482.0" = DATEV Installation V.2.6

"DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.5.5 Ghosthunter release

"FreePDF_XP" = FreePDF XP (Remove only)

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Iomega StorCenter" = Iomega StorCenter

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800

"McAfee Managed Firewall" = McAfee Firewall Protection Service

"McAfee Security Scan" = McAfee Security Scan Plus

"McAfeeBrowserProtection" = McAfee Browser Protection Service

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MouseSuite98" = Mouse Suite

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MVS" = McAfee Virus and Spyware Protection Service

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3008

"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3008

"Nokia Ovi Music Manager" = Nokia Ovi Music Manager 6.85.3008

"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3008

"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3008

"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"Picasa 3" = Picasa 3

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"Remove Multimedia Center" = Remove Multimedia Center

"ST5UNST #1" = QuickLOAD

"ST5UNST #2" = QuickDESIGN

"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia

"Ulead GIF Animator 4.0" = Ulead GIF Animator 4.0 Trial Version

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinGimp-2.0_is1" = The GIMP 2.2.13

"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03.09.2011 05:44:41 | Computer Name = LENOVO-GEWI1 | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 03.09.2011 05:45:32 | Computer Name = LENOVO-GEWI1 | Source = simpleServer | ID = 3299

Description = simpleServer information:  Error: Ignoring unknown directive "StartThread"

At

 line 6 in C:\Dokumente und Einstellungen\GEWI\Lokale Einstellungen\Anwendungsdaten\sohoclient\cfg/sohoclient.conf
 

Make

 sure the required module is loaded and the relevant handlers have been added. Ensure

 the directive is after all LoadModule and AddHandler directives.        .

 

Error - 05.09.2011 08:38:34 | Computer Name = LENOVO-GEWI1 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.3156, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.09.2011 08:44:50 | Computer Name = LENOVO-GEWI1 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.3156, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.09.2011 08:48:09 | Computer Name = LENOVO-GEWI1 | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved

.

 

Error - 05.09.2011 08:48:11 | Computer Name = LENOVO-GEWI1 | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

Error - 05.09.2011 08:48:21 | Computer Name = LENOVO-GEWI1 | Source = simpleServer | ID = 3299

Description = simpleServer information:  Error: Ignoring unknown directive "StartThread"

At

 line 6 in C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\sohoclient\cfg/sohoclient.conf
 

Make

 sure the required module is loaded and the relevant handlers have been added. Ensure

 the directive is after all LoadModule and AddHandler directives.        .

 

Error - 05.09.2011 08:50:51 | Computer Name = LENOVO-GEWI1 | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved

.

 

Error - 05.09.2011 08:50:51 | Computer Name = LENOVO-GEWI1 | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

Error - 05.09.2011 11:17:59 | Computer Name = LENOVO-GEWI1 | Source = simpleServer | ID = 3299

Description = simpleServer information:  Error: Ignoring unknown directive "StartThread"

At

 line 6 in C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\sohoclient\cfg/sohoclient.conf
 

Make

 sure the required module is loaded and the relevant handlers have been added. Ensure

 the directive is after all LoadModule and AddHandler directives.        .

 

[ System Events ]

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst

 "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%31

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust

 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:

   %%1068

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation

 Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet

 wurde:   %%1068

 

Error - 03.09.2011 04:36:33 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   AFD  Fips  intelppm  IPSec  mfehidk  mfetdi2k  mfetdik  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  Tcpip

 

Error - 03.09.2011 04:41:02 | Computer Name = LENOVO-GEWI1 | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 03.09.2011 04:42:24 | Computer Name = LENOVO-GEWI1 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1079

 

 

< End of report >

--- --- ---

File 2OTL Logfile:

Code:

OTL logfile created on: 05.09.2011 17:19:57 - Run 1

OTL by OldTimer - Version 3.2.27.0     Folder = F:\

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,67% Memory free

3,33 Gb Paging File | 2,66 Gb Available in Paging File | 79,99% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 68,02 Gb Total Space | 7,80 Gb Free Space | 11,46% Space Free | Partition Type: NTFS

Drive D: | 81,02 Gb Total Space | 13,88 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Drive F: | 118,04 Mb Total Space | 105,77 Mb Free Space | 89,60% Space Free | Partition Type: FAT32

 

Computer Name: LENOVO-GEWI1 | User Name: ****| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.05 05:20:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2011.07.28 13:16:16 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe

PRC - [2011.07.28 13:11:04 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.07.06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\ramaint.exe

PRC - [2011.07.06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2011.05.12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2011.01.19 11:18:20 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011.01.12 15:10:58 | 000,155,712 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe

PRC - [2011.01.12 15:10:08 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfeann.exe

PRC - [2011.01.12 15:09:44 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe

PRC - [2011.01.11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeIn.exe

PRC - [2011.01.11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeInSystray.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.09.03 15:57:04 | 001,877,328 | ---- | M] (EMC) -- C:\Programme\Iomega StorCenter\sohoclient.exe

PRC - [2008.12.11 16:39:42 | 000,255,256 | ---- | M] (EMC Corporation) -- C:\Programme\Retrospect\Retrospect Express HD 2.5\Retrospect.exe

PRC - [2008.12.11 16:39:40 | 009,499,928 | ---- | M] (EMC Corporation) -- C:\Programme\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe

PRC - [2008.12.11 16:39:40 | 000,120,088 | ---- | M] (EMC Corporation) -- C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe

PRC - [2008.10.20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe

PRC - [2008.07.17 13:12:44 | 001,011,712 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe

PRC - [2008.06.10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007.08.31 19:49:58 | 000,498,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007.08.31 18:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007.08.31 18:38:08 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe

PRC - [2007.08.31 18:38:04 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

PRC - [2007.08.31 18:35:54 | 002,622,232 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.05.23 22:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006.05.18 17:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2006.05.12 20:41:56 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe

PRC - [2006.05.12 19:08:34 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

PRC - [2006.04.18 19:05:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2006.04.18 19:05:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE

PRC - [2006.03.13 17:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe

PRC - [2006.02.02 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

PRC - [2005.05.27 11:24:52 | 000,146,944 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe

PRC - [2005.04.13 15:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe

PRC - [2004.07.27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

PRC - [2003.11.06 16:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.06.11 18:11:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll

MOD - [2010.06.11 18:11:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll

MOD - [2010.06.10 20:49:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll

MOD - [2010.06.10 20:48:53 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll

MOD - [2010.06.10 20:48:36 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll

MOD - [2010.06.10 20:46:54 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

MOD - [2009.10.16 10:58:07 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll

MOD - [2009.09.03 15:57:05 | 006,463,488 | ---- | M] () -- C:\Programme\Iomega StorCenter\wxmsw28u_vc_custom.dll

MOD - [2009.07.09 12:10:00 | 004,988,928 | R--- | M] () -- C:\Programme\Retrospect\Retrospect Express HD 2.5\de\RetroExpress.resources.dll

MOD - [2008.07.17 13:12:44 | 001,900,544 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\MItemPlugins.dll

MOD - [2008.07.17 13:12:44 | 001,011,712 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe

MOD - [2008.02.12 15:37:37 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.02.12 15:37:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2007.08.31 19:49:58 | 000,498,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe

MOD - [2007.08.31 17:13:50 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll

MOD - [2006.05.12 20:41:56 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe

MOD - [2006.05.12 20:41:26 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll

MOD - [2006.05.12 19:08:34 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

MOD - [2006.03.22 18:10:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL

MOD - [2005.10.20 11:36:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll

MOD - [2005.10.20 11:36:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll

MOD - [2005.01.06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

MOD - [2003.11.06 16:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

MOD - [2003.02.25 20:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (PsaSrv)

SRV - [2011.07.28 13:11:04 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)

SRV - [2011.07.28 13:11:04 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2011.07.06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011.05.12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2011.01.19 11:18:20 | 000,145,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011.01.12 15:10:58 | 000,155,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2011.01.12 15:09:44 | 000,159,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe -- (McShield)

SRV - [2011.01.11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008.12.11 16:39:40 | 000,120,088 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe -- (RetroExpLauncher)

SRV - [2008.10.20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008.07.09 16:03:48 | 000,102,400 | ---- | M] (PacketVideo) [Auto | Stopped] -- C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia)

SRV - [2008.05.30 13:32:16 | 000,572,416 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007.08.31 19:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007.08.31 18:38:04 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.05.23 22:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2006.05.12 19:08:34 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)

SRV - [2006.04.18 19:05:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.07.06 16:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011.01.19 11:18:20 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011.01.19 11:18:20 | 000,331,016 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011.01.19 11:18:20 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)

DRV - [2011.01.19 11:18:20 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011.01.19 11:18:20 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011.01.19 11:18:20 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011.01.19 11:18:20 | 000,082,888 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011.01.19 11:18:20 | 000,082,888 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011.01.19 11:18:20 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)

DRV - [2011.01.11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2011.01.11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2009.12.15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009.12.15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)

DRV - [2008.06.06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008.05.07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008.05.07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008.05.07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.04.13 14:32:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2008.04.13 14:32:56 | 000,044,416 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2008.04.13 14:32:54 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2008.04.13 14:32:48 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2006.08.28 10:10:06 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006.04.18 19:05:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006.03.17 11:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006.03.13 17:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2006.02.02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006.02.02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006.02.02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006.02.02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006.02.02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006.02.02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006.02.02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005.11.18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005.11.18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005.01.07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2003.02.11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)

DRV - [2003.01.10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)

DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gewi-schiesssport.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor Enterprise\ [2011.08.24 09:19:35 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110216175659.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AUTOSTARTEXECUTE]  File not found

O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfee Managed Services Tray]  File not found

O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)

O4 - HKLM..\Run: [MVS Splash] C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe ()

O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)

O4 - HKLM..\Run: [RetroExpress] C:\Programme\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [UserFaultCheck]  File not found

O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Iomega StorCenter.lnk = C:\Programme\Iomega StorCenter\sohoclient.exe (EMC)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Nokia Ovi Suite.lnk = C:\Programme\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B7129B-034A-4FE5-ACA9-630481015E7F}: NameServer = 192.168.0.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Programme\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)

O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0ed1ff72-04ca-11dd-a28f-001a4ddf12ec}\Shell - "" = AutoRun

O33 - MountPoints2\{0ed1ff72-04ca-11dd-a28f-001a4ddf12ec}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0ed1ff72-04ca-11dd-a28f-001a4ddf12ec}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.05 14:58:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\G. Winter\Anwendungsdaten\Malwarebytes

[2011.09.05 14:58:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.09.05 14:58:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.09.05 14:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.09.05 14:58:26 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.09.05 14:58:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.09.03 11:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\G. Winter\Lokale Einstellungen\Anwendungsdaten\LogMeIn

[2011.09.03 11:54:51 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2011.09.03 11:54:51 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2011.09.03 11:54:50 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2011.09.03 11:54:50 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys

[2011.09.03 11:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn

[2011.09.03 11:54:27 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn

[2011.09.03 11:53:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\G. Winter\Lokale Einstellungen\Anwendungsdaten\Deployment

[2011.09.03 11:51:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\G. Winter\IECompatCache

[2011.09.03 11:49:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\G. Winter\PrivacIE

[2011.09.02 18:57:57 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\G. Winter\Eigene Dateien\Outlook

[2011.09.02 02:58:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.09.01 16:48:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2011.09.01 16:47:54 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

[2011.08.31 17:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2011.08.31 15:31:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\G. Winter\IETldCache

[2008.07.08 15:30:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\G. Winter\Anwendungsdaten\pcouffin.sys

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.05 17:16:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.09.05 17:16:48 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.05 17:13:28 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011.09.05 17:13:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.09.05 16:40:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

[2011.09.05 16:32:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.05 15:02:23 | 000,539,242 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.09.05 15:02:23 | 000,506,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.09.05 15:02:23 | 000,118,810 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.09.05 15:02:23 | 000,096,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.09.05 14:49:05 | 000,000,390 | ---- | M] () -- C:\Dokumente und Einstellungen\G. Winter\Desktop\Verknüpfung mit Desktop verknüpfungen.lnk

[2011.09.03 11:54:47 | 000,001,024 | ---- | M] () -- C:\.rnd

[2011.09.03 11:51:12 | 008,175,616 | ---- | M] () -- D:\Dokumente und Einstellungen\G. Winter\Eigene Dateien\outlook.pst

[2011.09.03 11:38:39 | 000,000,048 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.05 14:49:05 | 000,000,390 | ---- | C] () -- C:\Dokumente und Einstellungen\G. Winter\Desktop\Verknüpfung mit Desktop verknüpfungen.lnk

[2011.09.03 11:54:46 | 000,001,024 | ---- | C] () -- C:\.rnd

[2011.09.03 11:49:41 | 008,175,616 | ---- | C] () -- D:\Dokumente und Einstellungen\G. Winter\Eigene Dateien\outlook.pst

[2011.03.28 00:58:27 | 000,178,088 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2008.11.02 19:11:43 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll

[2008.09.10 21:21:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.08.28 09:14:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2008.07.22 19:56:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008.07.11 09:09:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2008.07.11 09:09:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe

[2008.07.08 15:30:34 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\G. Winter\Anwendungsdaten\inst.exe

[2008.07.08 15:30:34 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\G. Winter\Anwendungsdaten\pcouffin.cat

[2008.07.08 15:30:34 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\G. Winter\Anwendungsdaten\pcouffin.inf

[2008.05.29 10:19:13 | 000,000,769 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI

[2008.04.20 14:51:29 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\skypdfmonpro.dll

[2008.04.20 14:51:29 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\skypdfmonuipro.dll

[2008.04.13 16:01:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\KurusDeinstall.INI

[2008.04.13 15:24:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DvInesKurusOleServer002.INI

[2008.04.13 15:16:43 | 000,000,102 | ---- | C] () -- C:\WINDOWS\dvinesinstalllocation001.INI

[2008.04.13 15:16:35 | 000,000,102 | ---- | C] () -- C:\WINDOWS\dvinesinstart001.INI

[2008.04.13 15:16:13 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\LENOVO-GEWI1.jrf.init

[2008.04.13 15:11:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Startup.INI

[2008.03.09 23:50:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\MANUALS.INI

[2008.03.09 22:11:16 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[2008.03.09 21:19:13 | 000,131,517 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp

[2008.03.09 21:19:13 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp

[2008.03.09 21:11:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008.03.09 21:05:58 | 000,130,939 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2008.03.08 22:05:24 | 000,000,312 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2008.03.08 22:05:23 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini

[2008.03.08 22:05:03 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll

[2008.03.08 22:05:03 | 000,000,254 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat

[2008.03.08 21:35:55 | 000,001,523 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.03.07 18:08:35 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\G. Winter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2008.02.12 23:32:19 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008.02.12 23:32:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2008.02.12 16:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008.02.12 15:55:30 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2008.02.12 15:51:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2008.02.12 15:48:58 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2008.02.12 15:48:30 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008.02.12 15:46:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008.02.12 15:46:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008.02.12 15:46:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008.02.12 15:46:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008.02.12 15:46:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008.02.12 15:46:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008.02.12 15:42:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL

[2008.02.12 15:42:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE

[2008.02.12 15:42:01 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini

[2008.02.12 15:42:01 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini

[2008.02.12 15:37:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config

[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006.05.23 14:37:23 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2006.05.23 14:37:19 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2006.05.06 02:21:26 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2006.03.31 11:36:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006.01.27 04:25:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006.01.27 04:15:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006.01.27 03:01:44 | 000,539,242 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2006.01.27 03:01:44 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2006.01.27 03:01:44 | 000,118,810 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2006.01.27 03:01:44 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2006.01.27 03:01:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.01.27 03:01:21 | 000,506,282 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.01.27 03:01:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.01.27 03:01:21 | 000,096,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.01.27 03:01:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.01.27 03:01:19 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.01.27 03:01:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.01.27 03:01:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.01.27 03:01:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.01.27 03:01:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.01.27 03:01:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.01.26 19:09:45 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006.01.26 19:08:46 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005.12.07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2005.07.08 02:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2003.02.25 20:19:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2001.07.07 04:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[2000.03.30 07:55:36 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp403.dll

[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 

< End of report >

--- --- ---